summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Android.common.mk2
-rw-r--r--ChangeLog2
-rw-r--r--INSTALL24
-rw-r--r--Makefile.in23
-rw-r--r--NEWS102
-rw-r--r--README80
-rw-r--r--conf/Makefile.am2
-rw-r--r--conf/Makefile.in13
-rw-r--r--conf/options/charon-logging.conf11
-rw-r--r--conf/options/charon-logging.opt23
-rw-r--r--conf/options/charon.conf2
-rw-r--r--conf/options/charon.opt2
-rw-r--r--conf/plugins/bypass-lan.conf2
-rw-r--r--conf/plugins/dhcp.conf4
-rw-r--r--conf/plugins/dhcp.opt15
-rw-r--r--conf/plugins/eap-radius.conf4
-rw-r--r--conf/plugins/eap-radius.opt4
-rw-r--r--conf/plugins/imc-swid.conf8
-rw-r--r--conf/plugins/imc-swid.opt8
-rw-r--r--conf/plugins/imc-swima.opt3
-rw-r--r--conf/plugins/imv-swid.conf8
-rw-r--r--conf/plugins/imv-swid.opt5
-rw-r--r--conf/plugins/tpm.conf14
-rw-r--r--conf/plugins/tpm.opt10
-rw-r--r--conf/strongswan.conf.5.head.in70
-rw-r--r--conf/strongswan.conf.5.main95
-rw-r--r--conf/strongswan.conf.5.tail.in16
-rw-r--r--config.h.in16
-rwxr-xr-xconfigure713
-rw-r--r--configure.ac58
-rw-r--r--fuzz/Makefile.am25
-rw-r--r--fuzz/Makefile.in36
-rw-r--r--init/Makefile.in11
-rw-r--r--init/systemd-swanctl/Makefile.in11
-rw-r--r--init/systemd-swanctl/strongswan-swanctl.service.in1
-rw-r--r--init/systemd/Makefile.in11
-rw-r--r--init/systemd/strongswan.service.in3
-rw-r--r--man/Makefile.in11
-rw-r--r--scripts/Makefile.in11
-rw-r--r--scripts/settings-test.c106
-rw-r--r--scripts/thread_analysis.c2
-rw-r--r--src/Makefile.am4
-rw-r--r--src/Makefile.in45
-rw-r--r--src/_copyright/Makefile.in11
-rw-r--r--src/_updown/Makefile.in11
-rw-r--r--src/aikgen/Makefile.in11
-rw-r--r--src/charon-cmd/Makefile.in11
-rw-r--r--src/charon-nm/Makefile.in11
-rw-r--r--src/charon-nm/nm/nm_service.c2
-rw-r--r--src/charon-svc/Makefile.in11
-rw-r--r--src/charon-systemd/Makefile.in11
-rw-r--r--src/charon-systemd/charon-systemd.c103
-rw-r--r--src/charon-tkm/Makefile.in11
-rw-r--r--src/charon-tkm/src/tkm/tkm_keymat.c8
-rw-r--r--src/charon/Makefile.in11
-rw-r--r--src/charon/charon.c15
-rw-r--r--src/checksum/Makefile.in11
-rw-r--r--src/conftest/Makefile.in11
-rw-r--r--src/conftest/README2
-rw-r--r--src/conftest/hooks/pretend_auth.c4
-rw-r--r--src/conftest/hooks/rebuild_auth.c4
-rw-r--r--src/dumm/Makefile.am34
-rw-r--r--src/dumm/Makefile.in914
-rw-r--r--src/dumm/bridge.c181
-rw-r--r--src/dumm/bridge.h76
-rw-r--r--src/dumm/cowfs.c980
-rw-r--r--src/dumm/cowfs.h72
-rw-r--r--src/dumm/dumm.c444
-rw-r--r--src/dumm/dumm.h150
-rw-r--r--src/dumm/ext/README8
-rw-r--r--src/dumm/ext/dumm.c797
-rw-r--r--src/dumm/ext/extconf.rb.in19
-rw-r--r--src/dumm/ext/lib/dumm.rb63
-rw-r--r--src/dumm/ext/lib/dumm/guest.rb59
-rw-r--r--src/dumm/guest.c682
-rw-r--r--src/dumm/guest.h222
-rw-r--r--src/dumm/iface.c299
-rw-r--r--src/dumm/iface.h115
-rw-r--r--src/dumm/irdumm.c68
-rw-r--r--src/dumm/main.c629
-rw-r--r--src/dumm/mconsole.c353
-rw-r--r--src/dumm/mconsole.h75
-rw-r--r--src/include/Makefile.in11
-rw-r--r--src/include/linux/xfrm.h3
-rw-r--r--src/ipsec/Makefile.in11
-rw-r--r--src/ipsec/_ipsec.84
-rw-r--r--src/ipsec/_ipsec.8.in2
-rw-r--r--src/ipsec/_ipsec.in2
-rw-r--r--src/libcharon/Makefile.in11
-rw-r--r--src/libcharon/attributes/mem_pool.h2
-rw-r--r--src/libcharon/bus/listeners/custom_logger.h9
-rw-r--r--src/libcharon/config/backend_manager.c214
-rw-r--r--src/libcharon/config/backend_manager.h15
-rw-r--r--src/libcharon/config/child_cfg.c67
-rw-r--r--src/libcharon/config/child_cfg.h35
-rw-r--r--src/libcharon/config/ike_cfg.c24
-rw-r--r--src/libcharon/config/ike_cfg.h11
-rw-r--r--src/libcharon/config/peer_cfg.c83
-rw-r--r--src/libcharon/config/peer_cfg.h24
-rw-r--r--src/libcharon/daemon.c24
-rw-r--r--src/libcharon/encoding/message.c33
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.c34
-rw-r--r--src/libcharon/encoding/payloads/encrypted_payload.h13
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.c14
-rw-r--r--src/libcharon/encoding/payloads/notify_payload.h8
-rw-r--r--src/libcharon/kernel/kernel_ipsec.h10
-rw-r--r--src/libcharon/network/receiver.c8
-rw-r--r--src/libcharon/plugins/addrblock/Makefile.in11
-rw-r--r--src/libcharon/plugins/android_dns/Makefile.in11
-rw-r--r--src/libcharon/plugins/android_log/Makefile.in11
-rw-r--r--src/libcharon/plugins/attr/Makefile.in11
-rw-r--r--src/libcharon/plugins/attr_sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/bypass_lan/Makefile.in11
-rw-r--r--src/libcharon/plugins/certexpire/Makefile.in11
-rw-r--r--src/libcharon/plugins/connmark/Makefile.in11
-rw-r--r--src/libcharon/plugins/counters/Makefile.in11
-rw-r--r--src/libcharon/plugins/coupling/Makefile.in11
-rw-r--r--src/libcharon/plugins/dhcp/Makefile.in11
-rw-r--r--src/libcharon/plugins/dhcp/dhcp_socket.c9
-rw-r--r--src/libcharon/plugins/dnscert/Makefile.in11
-rw-r--r--src/libcharon/plugins/duplicheck/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_dynamic/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_gtc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_identity/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_md5/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_mschapv2/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_peap/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_radius/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_file/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c1
-rw-r--r--src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_simaka_reauth/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_simaka_sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_tls/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_tnc/Makefile.in11
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in11
-rw-r--r--src/libcharon/plugins/error_notify/Makefile.in11
-rw-r--r--src/libcharon/plugins/ext_auth/Makefile.in11
-rw-r--r--src/libcharon/plugins/farp/Makefile.in11
-rw-r--r--src/libcharon/plugins/forecast/Makefile.in11
-rw-r--r--src/libcharon/plugins/ha/Makefile.in11
-rw-r--r--src/libcharon/plugins/ha/ha_kernel.c2
-rw-r--r--src/libcharon/plugins/ipseckey/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_iph/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_libipsec/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_netlink/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c80
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c12
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c44
-rw-r--r--src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h7
-rw-r--r--src/libcharon/plugins/kernel_pfkey/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c71
-rw-r--r--src/libcharon/plugins/kernel_pfroute/Makefile.in11
-rw-r--r--src/libcharon/plugins/kernel_wfp/Makefile.in11
-rw-r--r--src/libcharon/plugins/led/Makefile.in11
-rw-r--r--src/libcharon/plugins/load_tester/Makefile.in11
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_control.c2
-rw-r--r--src/libcharon/plugins/lookip/Makefile.in11
-rw-r--r--src/libcharon/plugins/medcli/Makefile.in11
-rw-r--r--src/libcharon/plugins/medsrv/Makefile.in11
-rw-r--r--src/libcharon/plugins/osx_attr/Makefile.in11
-rw-r--r--src/libcharon/plugins/p_cscf/Makefile.in11
-rw-r--r--src/libcharon/plugins/radattr/Makefile.in11
-rw-r--r--src/libcharon/plugins/resolve/Makefile.in11
-rw-r--r--src/libcharon/plugins/save_keys/Makefile.in11
-rw-r--r--src/libcharon/plugins/smp/Makefile.in11
-rw-r--r--src/libcharon/plugins/smp/smp.c9
-rw-r--r--src/libcharon/plugins/socket_default/Makefile.in11
-rw-r--r--src/libcharon/plugins/socket_default/socket_default_socket.c2
-rw-r--r--src/libcharon/plugins/socket_dynamic/Makefile.in11
-rw-r--r--src/libcharon/plugins/socket_win/Makefile.in11
-rw-r--r--src/libcharon/plugins/sql/Makefile.in11
-rw-r--r--src/libcharon/plugins/stroke/Makefile.in11
-rw-r--r--src/libcharon/plugins/stroke/stroke_list.c14
-rw-r--r--src/libcharon/plugins/systime_fix/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_ifmap/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.in11
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp.c2
-rw-r--r--src/libcharon/plugins/uci/Makefile.in11
-rw-r--r--src/libcharon/plugins/unity/Makefile.in11
-rw-r--r--src/libcharon/plugins/unity/unity_narrow.c5
-rw-r--r--src/libcharon/plugins/unity/unity_provider.c3
-rw-r--r--src/libcharon/plugins/updown/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/README.md5
-rw-r--r--src/libcharon/plugins/vici/perl/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm53
-rw-r--r--src/libcharon/plugins/vici/python/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/ruby/Makefile.in11
-rw-r--r--src/libcharon/plugins/vici/ruby/lib/vici.rb2
-rw-r--r--src/libcharon/plugins/vici/vici_attribute.c2
-rw-r--r--src/libcharon/plugins/vici/vici_config.c125
-rw-r--r--src/libcharon/plugins/vici/vici_control.c4
-rw-r--r--src/libcharon/plugins/vici/vici_cred.c4
-rw-r--r--src/libcharon/plugins/vici/vici_message.c14
-rw-r--r--src/libcharon/plugins/vici/vici_query.c36
-rw-r--r--src/libcharon/plugins/whitelist/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_eap/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_generic/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_noauth/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_pam/Makefile.in11
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c2
-rw-r--r--src/libcharon/sa/authenticator.h13
-rw-r--r--src/libcharon/sa/child_sa.c11
-rw-r--r--src/libcharon/sa/ike_sa.c1
-rw-r--r--src/libcharon/sa/ike_sa.h10
-rw-r--r--src/libcharon/sa/ike_sa_manager.c32
-rw-r--r--src/libcharon/sa/ikev1/keymat_v1.c1
-rw-r--r--src/libcharon/sa/ikev1/phase1.c2
-rw-r--r--src/libcharon/sa/ikev1/task_manager_v1.c8
-rw-r--r--src/libcharon/sa/ikev1/tasks/aggressive_mode.c22
-rw-r--r--src/libcharon/sa/ikev1/tasks/isakmp_vendor.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/main_mode.c21
-rw-r--r--src/libcharon/sa/ikev1/tasks/mode_config.c1
-rw-r--r--src/libcharon/sa/ikev1/tasks/quick_mode.c2
-rw-r--r--src/libcharon/sa/ikev1/tasks/xauth.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/eap_authenticator.c56
-rw-r--r--src/libcharon/sa/ikev2/authenticators/psk_authenticator.c60
-rw-r--r--src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c171
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.c136
-rw-r--r--src/libcharon/sa/ikev2/keymat_v2.h20
-rw-r--r--src/libcharon/sa/ikev2/task_manager_v2.c5
-rw-r--r--src/libcharon/sa/ikev2/tasks/child_create.c20
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth.c352
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_init.c159
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c4
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.h2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_rekey.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_vendor.c2
-rw-r--r--src/libcharon/sa/shunt_manager.c12
-rw-r--r--src/libcharon/sa/task.h6
-rw-r--r--src/libcharon/sa/trap_manager.c6
-rw-r--r--src/libcharon/tests/Makefile.am2
-rw-r--r--src/libcharon/tests/Makefile.in49
-rw-r--r--src/libcharon/tests/libcharon_tests.h1
-rw-r--r--src/libcharon/tests/suites/test_peer_cfg.c229
-rw-r--r--src/libcharon/tests/utils/exchange_test_helper.c4
-rw-r--r--src/libcharon/tests/utils/mock_net.c115
-rw-r--r--src/libcharon/tests/utils/mock_net.h (renamed from src/libimcv/plugins/imv_swid/imv_swid.c)24
-rw-r--r--src/libfast/Makefile.in11
-rw-r--r--src/libfast/fast_dispatcher.c2
-rw-r--r--src/libfast/fast_dispatcher.h2
-rw-r--r--src/libimcv/Android.mk9
-rw-r--r--src/libimcv/Makefile.am17
-rw-r--r--src/libimcv/Makefile.in98
-rw-r--r--src/libimcv/ietf/ietf_attr.c11
-rw-r--r--src/libimcv/ietf/ietf_attr.h24
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c13
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.h16
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_req.c4
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c130
-rw-r--r--src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c66
-rw-r--r--src/libimcv/imc/imc_agent.c24
-rw-r--r--src/libimcv/imc/imc_agent.h7
-rw-r--r--src/libimcv/imc/imc_state.h9
-rw-r--r--src/libimcv/imv/data.sql44
-rw-r--r--src/libimcv/imv/imv_agent.c12
-rw-r--r--src/libimcv/imv/imv_database.c3
-rw-r--r--src/libimcv/imv/imv_session.c10
-rw-r--r--src/libimcv/imv/imv_session.h12
-rw-r--r--src/libimcv/imv/imv_session_manager.c4
-rw-r--r--src/libimcv/imv/imv_state.h9
-rw-r--r--src/libimcv/plugins/imc_attestation/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation.c11
-rw-r--r--src/libimcv/plugins/imc_attestation/imc_attestation_state.c22
-rw-r--r--src/libimcv/plugins/imc_hcd/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_hcd/imc_hcd.c15
-rw-r--r--src/libimcv/plugins/imc_hcd/imc_hcd_state.c13
-rw-r--r--src/libimcv/plugins/imc_os/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_os/imc_os.c9
-rw-r--r--src/libimcv/plugins/imc_os/imc_os_state.c13
-rw-r--r--src/libimcv/plugins/imc_scanner/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner.c9
-rw-r--r--src/libimcv/plugins/imc_scanner/imc_scanner_state.c13
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.am36
-rw-r--r--src/libimcv/plugins/imc_swid/Makefile.in831
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid.c417
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.c203
-rw-r--r--src/libimcv/plugins/imc_swid/imc_swid_state.h58
-rw-r--r--src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag11
-rw-r--r--src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in11
-rw-r--r--src/libimcv/plugins/imc_swima/Makefile.am4
-rw-r--r--src/libimcv/plugins/imc_swima/Makefile.in14
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima.c309
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima_state.c84
-rw-r--r--src/libimcv/plugins/imc_swima/imc_swima_state.h60
-rw-r--r--src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag (renamed from src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag)4
-rw-r--r--src/libimcv/plugins/imc_test/Makefile.in11
-rw-r--r--src/libimcv/plugins/imc_test/imc_test_state.c13
-rw-r--r--src/libimcv/plugins/imv_attestation/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_attestation/attest_db.c2
-rw-r--r--src/libimcv/plugins/imv_attestation/imv_attestation_state.c25
-rw-r--r--src/libimcv/plugins/imv_hcd/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_hcd/imv_hcd_state.c25
-rw-r--r--src/libimcv/plugins/imv_os/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_agent.c22
-rw-r--r--src/libimcv/plugins/imv_os/imv_os_state.c33
-rw-r--r--src/libimcv/plugins/imv_scanner/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_scanner/imv_scanner_state.c29
-rw-r--r--src/libimcv/plugins/imv_swid/Makefile.am21
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.c727
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_agent.h36
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.c417
-rw-r--r--src/libimcv/plugins/imv_swid/imv_swid_state.h145
-rw-r--r--src/libimcv/plugins/imv_swima/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_agent.c112
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.c45
-rw-r--r--src/libimcv/plugins/imv_swima/imv_swima_state.h14
-rw-r--r--src/libimcv/plugins/imv_test/Makefile.in11
-rw-r--r--src/libimcv/plugins/imv_test/imv_test_state.c21
-rw-r--r--src/libimcv/pts/pts.c1
-rw-r--r--src/libimcv/suites/test_imcv_swima.c154
-rw-r--r--src/libimcv/swid/swid_error.c55
-rw-r--r--src/libimcv/swid/swid_error.h58
-rw-r--r--src/libimcv/swid/swid_inventory.c342
-rw-r--r--src/libimcv/swid/swid_inventory.h83
-rw-r--r--src/libimcv/swid/swid_tag.c102
-rw-r--r--src/libimcv/swid/swid_tag.h70
-rw-r--r--src/libimcv/swid/swid_tag_id.c114
-rw-r--r--src/libimcv/swid/swid_tag_id.h73
-rw-r--r--src/libimcv/swima/swima_collector.c12
-rw-r--r--src/libimcv/swima/swima_data_model.c6
-rw-r--r--src/libimcv/swima/swima_event.h1
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c3
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c18
-rw-r--r--src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c8
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.c351
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_req.h106
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c396
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h109
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c389
-rw-r--r--src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h108
-rw-r--r--src/libimcv/tcg/tcg_attr.c12
-rw-r--r--src/libipsec/Makefile.in11
-rw-r--r--src/libipsec/tests/Makefile.in11
-rw-r--r--src/libpttls/Makefile.in11
-rw-r--r--src/libpttls/pt_tls.h2
-rw-r--r--src/libpttls/pt_tls_client.c2
-rw-r--r--src/libradius/Makefile.in11
-rw-r--r--src/libsimaka/Makefile.in11
-rw-r--r--src/libstrongswan/Makefile.am7
-rw-r--r--src/libstrongswan/Makefile.in94
-rw-r--r--src/libstrongswan/asn1/asn1.c1
-rw-r--r--src/libstrongswan/bio/bio_reader.c5
-rw-r--r--src/libstrongswan/bio/bio_reader.h2
-rw-r--r--src/libstrongswan/collections/linked_list.c69
-rw-r--r--src/libstrongswan/collections/linked_list.h21
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h2
-rw-r--r--src/libstrongswan/credentials/certificates/certificate_printer.h2
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h4
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c6
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h2
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h4
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.c109
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.h12
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.c32
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.h34
-rw-r--r--src/libstrongswan/library.c21
-rw-r--r--src/libstrongswan/library.h7
-rw-r--r--src/libstrongswan/math/libnttfft/Makefile.in11
-rw-r--r--src/libstrongswan/math/libnttfft/tests/Makefile.in11
-rw-r--r--src/libstrongswan/networking/streams/stream_service_unix.c26
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aesni/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.am32
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.in (renamed from src/libimcv/plugins/imv_swid/Makefile.in)178
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.c191
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.h58
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.c245
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.h59
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c226
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h56
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.c452
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.h87
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.c277
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.h54
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.c333
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.h47
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.c136
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.h55
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.c172
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.h53
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.c313
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.h50
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.c130
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.h57
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.c694
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.h82
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.c376
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.h72
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.c280
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.h116
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.c211
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.h61
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.c176
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.h42
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/chapoly/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curve25519/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/files/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c4
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c68
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c158
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mgf1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/newhope_ke.c4
-rw-r--r--src/libstrongswan/plugins/newhope/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_drbg.h2
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.h2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_plugin.c8
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c60
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.h8
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h3
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c22
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c9
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in11
-rw-r--r--src/libstrongswan/selectors/traffic_selector.h2
-rw-r--r--src/libstrongswan/settings/settings.c452
-rw-r--r--src/libstrongswan/settings/settings.h26
-rw-r--r--src/libstrongswan/settings/settings_lexer.c466
-rw-r--r--src/libstrongswan/settings/settings_lexer.l46
-rw-r--r--src/libstrongswan/settings/settings_parser.c224
-rw-r--r--src/libstrongswan/settings/settings_parser.h19
-rw-r--r--src/libstrongswan/settings/settings_parser.y47
-rw-r--r--src/libstrongswan/settings/settings_types.c90
-rw-r--r--src/libstrongswan/settings/settings_types.h33
-rw-r--r--src/libstrongswan/tests/Makefile.in11
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c6
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list_enumerator.c68
-rw-r--r--src/libstrongswan/tests/suites/test_printf.c2
-rw-r--r--src/libstrongswan/tests/suites/test_proposal.c34
-rw-r--r--src/libstrongswan/tests/suites/test_rsa.c2
-rw-r--r--src/libstrongswan/tests/suites/test_settings.c423
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c94
-rw-r--r--src/libstrongswan/threading/windows/mutex.c2
-rw-r--r--src/libstrongswan/utils/identification.c13
-rw-r--r--src/libstrongswan/utils/leak_detective.c132
-rw-r--r--src/libstrongswan/utils/utils/atomics.h10
-rw-r--r--src/libtls/Makefile.am2
-rw-r--r--src/libtls/Makefile.in11
-rw-r--r--src/libtls/tests/Makefile.in11
-rw-r--r--src/libtls/tls_peer.c2
-rw-r--r--src/libtls/tls_server.c4
-rw-r--r--src/libtls/tls_socket.h2
-rw-r--r--src/libtnccs/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_imc/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_imv/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnc_tnccs/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_11/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_20/Makefile.in11
-rw-r--r--src/libtnccs/plugins/tnccs_20/tnccs_20_server.c22
-rw-r--r--src/libtnccs/plugins/tnccs_dynamic/Makefile.in11
-rw-r--r--src/libtncif/Makefile.in11
-rw-r--r--src/libtpmtss/Makefile.am4
-rw-r--r--src/libtpmtss/Makefile.in24
-rw-r--r--src/libtpmtss/plugins/tpm/Makefile.in11
-rw-r--r--src/libtpmtss/plugins/tpm/tpm_plugin.c7
-rw-r--r--src/libtpmtss/plugins/tpm/tpm_private_key.c2
-rw-r--r--src/libtpmtss/tpm_tss.c14
-rw-r--r--src/libtpmtss/tpm_tss.h24
-rw-r--r--src/libtpmtss/tpm_tss_trousers.c3
-rw-r--r--src/libtpmtss/tpm_tss_trousers.h2
-rw-r--r--src/libtpmtss/tpm_tss_tss2.h16
-rw-r--r--src/libtpmtss/tpm_tss_tss2_names_v1.c (renamed from src/libtpmtss/tpm_tss_tss2_names.c)12
-rw-r--r--src/libtpmtss/tpm_tss_tss2_names_v2.c98
-rw-r--r--src/libtpmtss/tpm_tss_tss2_v1.c (renamed from src/libtpmtss/tpm_tss_tss2.c)75
-rw-r--r--src/libtpmtss/tpm_tss_tss2_v2.c1190
-rw-r--r--src/manager/Makefile.in11
-rw-r--r--src/manager/main.c2
-rw-r--r--src/medsrv/Makefile.in11
-rw-r--r--src/pki/Makefile.in11
-rw-r--r--src/pki/commands/signcrl.c4
-rw-r--r--src/pki/man/Makefile.in11
-rw-r--r--src/pool/Makefile.in11
-rw-r--r--src/pt-tls-client/Makefile.in11
-rw-r--r--src/scepclient/Makefile.in11
-rw-r--r--src/scepclient/scepclient.82
-rw-r--r--src/sec-updater/Makefile.in11
-rw-r--r--src/starter/Makefile.in11
-rw-r--r--src/starter/confread.c6
-rw-r--r--src/starter/parser/lexer.c2
-rw-r--r--src/starter/parser/lexer.l2
-rw-r--r--src/starter/starter.c6
-rw-r--r--src/starter/tests/Makefile.in11
-rw-r--r--src/stroke/Makefile.in11
-rw-r--r--src/sw-collector/Makefile.in11
-rw-r--r--src/swanctl/Makefile.in11
-rw-r--r--src/swanctl/commands/counters.c4
-rw-r--r--src/swanctl/commands/initiate.c2
-rw-r--r--src/swanctl/commands/list_conns.c16
-rw-r--r--src/swanctl/commands/list_sas.c4
-rw-r--r--src/swanctl/commands/load_all.c10
-rw-r--r--src/swanctl/commands/load_authorities.c10
-rw-r--r--src/swanctl/commands/load_conns.c10
-rw-r--r--src/swanctl/commands/load_creds.c13
-rw-r--r--src/swanctl/commands/load_pools.c10
-rw-r--r--src/swanctl/commands/rekey.c13
-rw-r--r--src/swanctl/swanctl.conf38
-rw-r--r--src/swanctl/swanctl.conf.5.head.in4
-rw-r--r--src/swanctl/swanctl.conf.5.main117
-rw-r--r--src/swanctl/swanctl.opt86
-rw-r--r--src/tpm_extendpcr/Makefile.in11
-rw-r--r--testing/Makefile.in11
-rw-r--r--testing/config/kernel/config-4.182653
-rwxr-xr-xtesting/do-tests19
-rwxr-xr-xtesting/hosts/default/usr/local/bin/systemctl22
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/index.txt25
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old24
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem20
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem19
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem18
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem19
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem18
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem18
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem19
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/serial2
-rw-r--r--testing/hosts/winnetou/etc/openssl/ecdsa/serial.old2
-rw-r--r--testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem13
-rw-r--r--testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem12
-rwxr-xr-xtesting/scripts/build-strongswan28
-rw-r--r--testing/scripts/recipes/011_botan.mk30
-rw-r--r--testing/scripts/recipes/013_strongswan.mk3
-rw-r--r--testing/testing.conf8
-rwxr-xr-xtesting/tests/botan/rw-cert/description.txt10
-rwxr-xr-xtesting/tests/botan/rw-cert/evaltest.dat10
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf35
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf27
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf15
-rwxr-xr-xtesting/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf25
-rwxr-xr-xtesting/tests/botan/rw-cert/posttest.dat8
-rwxr-xr-xtesting/tests/botan/rw-cert/pretest.dat11
-rwxr-xr-x[-rw-r--r--]testing/tests/botan/rw-cert/test.conf (renamed from testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf)6
-rwxr-xr-xtesting/tests/botan/rw-ecp256/description.txt9
-rwxr-xr-xtesting/tests/botan/rw-ecp256/evaltest.dat10
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf35
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf27
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf25
-rwxr-xr-xtesting/tests/botan/rw-ecp256/posttest.dat8
-rwxr-xr-xtesting/tests/botan/rw-ecp256/pretest.dat11
-rwxr-xr-xtesting/tests/botan/rw-ecp256/test.conf25
-rwxr-xr-xtesting/tests/botan/rw-modp3072/description.txt10
-rwxr-xr-xtesting/tests/botan/rw-modp3072/evaltest.dat10
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf11
-rw-r--r--testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf35
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf27
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf11
-rwxr-xr-xtesting/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf25
-rwxr-xr-xtesting/tests/botan/rw-modp3072/posttest.dat8
-rwxr-xr-xtesting/tests/botan/rw-modp3072/pretest.dat11
-rwxr-xr-xtesting/tests/botan/rw-modp3072/test.conf25
-rw-r--r--testing/tests/ikev1/net2net-fragmentation/evaltest.dat8
-rw-r--r--testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules4
-rw-r--r--testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules4
-rw-r--r--testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules4
-rw-r--r--testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat2
-rw-r--r--testing/tests/ikev2/multi-level-ca/evaltest.dat2
-rw-r--r--testing/tests/ikev2/net2net-fragmentation/evaltest.dat8
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem8
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem27
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem8
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem31
-rw-r--r--testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem10
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem8
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem27
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem8
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem31
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem10
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem9
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem27
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem12
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem31
-rw-r--r--testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem15
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat2
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf2
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem8
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem31
-rw-r--r--testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem10
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem9
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem6
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem23
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem6
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem27
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem12
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem27
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem8
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem28
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem25
-rw-r--r--testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem8
-rw-r--r--testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules4
-rwxr-xr-xtesting/tests/swanctl/frags-ipv4/evaltest.dat12
-rwxr-xr-xtesting/tests/swanctl/frags-ipv6/evaltest.dat12
-rw-r--r--testing/tests/swanctl/multi-level-ca/evaltest.dat2
-rwxr-xr-xtesting/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf19
-rw-r--r--testing/tests/swanctl/ocsp-multi-level/evaltest.dat2
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/description.txt11
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/evaltest.dat15
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem30
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf42
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf38
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf33
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/pretest.dat11
-rwxr-xr-xtesting/tests/swanctl/rw-cert-ppk/test.conf25
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt11
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat27
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf41
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf39
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf44
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat8
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat13
-rw-r--r--testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/description.txt6
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/evaltest.dat12
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem3
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem13
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem12
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf9
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem3
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf27
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem13
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem12
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf13
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem3
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf26
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem13
-rw-r--r--testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem12
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/posttest.dat11
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/pretest.dat14
-rwxr-xr-xtesting/tests/swanctl/rw-ed25519-certpol/test.conf25
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/description.txt11
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/evaltest.dat15
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf14
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf43
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf40
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf9
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf42
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/posttest.dat8
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/pretest.dat14
-rwxr-xr-xtesting/tests/swanctl/rw-psk-ppk/test.conf25
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt9
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat25
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf31
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default1
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules28
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql61
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini19
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf46
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem27
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf7
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem25
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules20
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options6
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf18
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules20
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options7
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf27
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf3
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf1
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat10
-rw-r--r--testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat25
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/description.txt4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat14
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf7
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf2
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config4
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt12
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat16
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config2
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf9
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config2
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf8
-rw-r--r--testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config2
780 files changed, 19906 insertions, 16395 deletions
diff --git a/Android.common.mk b/Android.common.mk
index 8999237d9..09c264b1e 100644
--- a/Android.common.mk
+++ b/Android.common.mk
@@ -26,5 +26,5 @@ add_plugin_subdirs = $(if $(call plugin_enabled,$(1)), \
)
# strongSwan version, replaced by top Makefile
-strongswan_VERSION := "5.6.3"
+strongswan_VERSION := "5.7.0"
diff --git a/ChangeLog b/ChangeLog
index 5ddeff5f4..53a9ec244 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,3 @@
-A summary of changes is available in the NEWS file. For a more
+A summary of changes is available in the NEWS file. For a more
detailed Changelog, use the repository (see HACKING) or the
online interface available at http://git.strongswan.org.
diff --git a/INSTALL b/INSTALL
index 029b9a284..c703c50f8 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,18 +1,18 @@
- ---------------------------
- strongSwan - Installation
- ---------------------------
+ -------------------------
+ strongSwan - Installation
+ -------------------------
Contents
--------
- 1. Overview
- 2. Required packages
- 3. Optional packages
- 3.1 HTTP fetcher
- 3.2 LDAP
- 3.3 Other pluggable modules
- 4. Kernel configuration
+ 1. Overview
+ 2. Required packages
+ 3. Optional packages
+ 3.1 HTTP fetcher
+ 3.2 LDAP
+ 3.3 Other pluggable modules
+ 4. Kernel configuration
1. Overview
--------
@@ -104,7 +104,7 @@ Contents
In order to activate the use of the libldap library in strongSwan you must
enable the ./configure switch:
- ./configure [...] --enable-ldap
+ ./configure [...] --enable-ldap
LDAP Protocol version 2 is not supported anymore, --enable-ldap uses always
version 3 of the LDAP protocol
@@ -144,5 +144,5 @@ Contents
For a more up-to-date list of recommended modules refer to:
- * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
+ * http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules
diff --git a/Makefile.in b/Makefile.in
index a3abb3483..9edc0412f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -110,7 +110,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = src/dumm/ext/extconf.rb
+CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
@@ -198,10 +198,10 @@ ETAGS = etags
CTAGS = ctags
CSCOPE = cscope
DIST_SUBDIRS = src man conf init testing fuzz scripts
-am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
- $(top_srcdir)/src/dumm/ext/extconf.rb.in AUTHORS COPYING \
- ChangeLog INSTALL NEWS README TODO compile config.guess \
- config.sub depcomp install-sh ltmain.sh missing ylwrap
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in AUTHORS \
+ COPYING ChangeLog INSTALL NEWS README TODO compile \
+ config.guess config.sub depcomp install-sh ltmain.sh missing \
+ ylwrap
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@@ -342,7 +342,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -368,6 +367,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -388,8 +389,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -444,8 +443,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -474,8 +471,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -545,8 +546,6 @@ $(srcdir)/config.h.in: $(am__configure_deps)
distclean-hdr:
-rm -f config.h stamp-h1
-src/dumm/ext/extconf.rb: $(top_builddir)/config.status $(top_srcdir)/src/dumm/ext/extconf.rb.in
- cd $(top_builddir) && $(SHELL) ./config.status $@
mostlyclean-libtool:
-rm -f *.lo
diff --git a/NEWS b/NEWS
index c136008b0..81c76e070 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,69 @@
+strongswan-5.7.0
+----------------
+
+- Fixes a potential authorization bypass vulnerability in the gmp plugin that
+ was caused by a too lenient verification of PKCS#1 v1.5 signatures. Several
+ flaws could be exploited by a Bleichenbacher-style attack to forge signatures
+ for low-exponent keys (i.e. with e=3). CVE-2018-16151 has been assigned to
+ the problem of accepting random bytes after the OID of the hash function in
+ such signatures, and CVE-2018-16152 has been assigned to the issue of not
+ verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
+ empty. Other flaws that don't lead to a vulnerability directly (e.g. not
+ checking for at least 8 bytes of padding) have no separate CVE assigned.
+
+- Dots are not allowed anymore in section names in swanctl.conf and
+ strongswan.conf. This mainly affects the configuration of file loggers. If the
+ path for such a log file contains dots it now has to be configured in the new
+ `path` setting within the arbitrarily renamed subsection in the `filelog`
+ section.
+
+- Sections in swanctl.conf and strongswan.conf may now reference other sections.
+ All settings and subsections from such a section are inherited. This allows
+ to simplify configs as redundant information has only to be specified once
+ and may then be included in other sections (refer to the example in the man
+ page for strongswan.conf).
+
+- The originally selected IKE config (based on the IPs and IKE version) can now
+ change if no matching algorithm proposal is found. This way the order
+ of the configs doesn't matter that much anymore and it's easily possible to
+ specify separate configs for clients that require weak algorithms (instead
+ of having to also add them in other configs that might be selected).
+
+- Support for Postquantum Preshared Keys for IKEv2 (draft-ietf-ipsecme-qr-ikev2)
+ has been added.
+
+- The new botan plugin is a wrapper around the Botan C++ crypto library. It
+ requires a fairly recent build from Botan's master branch (or the upcoming
+ 2.8.0 release). Thanks to René Korthaus and his team from Rohde & Schwarz
+ Cybersecurity for the initial patch.
+
+- The pki tool accepts a xmppAddr otherName as a subjectAlternativeName using
+ the syntax --san xmppaddr:<jid>.
+
+- Implementation of RFC 8412 "Software Inventory Message and Attributes (SWIMA)
+ for PA-TNC". SWIMA subscription option sets CLOSE_WRITE trigger on apt
+ history.log file resulting in a ClientRetry PB-TNC batch to initialize
+ a new measurement cycle.
+
+- Added support for fuzzing the PA-TNC (RFC 5792) and PB-TNC (RFC 5793) NEA
+ protocols on Google's OSS-Fuzz infrastructure.
+
+- Support for version 2 of Intel's TPM2-TSS TGC Software Stack. The presence of
+ the in-kernel /dev/tpmrm0 resource manager is automatically detected.
+
+- Marks the in- and/or outbound SA should apply to packets after processing may
+ be configured in swanctl.conf on Linux. For outbound SAs this requires at
+ least a 4.14 kernel. Setting a mask and configuring a mark/mask for inbound
+ SAs will be added with the upcoming 4.19 kernel.
+
+- New options in swanctl.conf allow configuring how/whether DF, ECN and DS
+ fields in the IP headers are copied during IPsec processing. Controlling this
+ is currently only possible on Linux.
+
+- To avoid conflicts, the dhcp plugin now only uses the DHCP server port if
+ explicitly configured.
+
+
strongswan-5.6.3
----------------
@@ -1199,9 +1265,9 @@ strongswan-4.6.1
thus causing failures during the loading of the plugins which depend on these
libraries for resolving external symbols.
-- Therefore our approach of computing integrity checksums for plugins had to be
- changed radically by moving the hash generation from the compilation to the
- post-installation phase.
+- Therefore our approach of computing integrity checksums for plugins had to be
+ changed radically by moving the hash generation from the compilation to the
+ post-installation phase.
strongswan-4.6.0
@@ -2309,7 +2375,7 @@ strongswan-4.1.4
Thanks to the rightallowany flag the connection behaves later on
as
- right=%any
+ right=%any
so that the peer can rekey the connection as an initiator when his
IP address changes. An alternative notation is
@@ -2366,8 +2432,8 @@ strongswan-4.1.3
is provided and more advanced backends (using e.g. a database) are trivial
to implement.
- - Fixed a compilation failure in libfreeswan occurring with Linux kernel
- headers > 2.6.17.
+- Fixed a compilation failure in libfreeswan occurring with Linux kernel
+ headers > 2.6.17.
strongswan-4.1.2
@@ -2517,7 +2583,7 @@ strongswan-4.0.5
The debugging levels can either be specified statically in ipsec.conf as
config setup
- charondebug="lib 1, cfg 3, net 2"
+ charondebug="lib 1, cfg 3, net 2"
or changed at runtime via stroke as
@@ -2759,9 +2825,9 @@ strongswan-2.6.2
if an FQDN, USER_FQDN, or Key ID was defined, as in the following example.
conn rw
- right=%any
- rightid=@foo.bar
- authby=secret
+ right=%any
+ rightid=@foo.bar
+ authby=secret
- the ipsec command now supports most ipsec auto commands (e.g. ipsec listall).
@@ -2904,7 +2970,7 @@ strongswan-2.5.3
- fixed the initialization of the ESP key length to a default of
128 bits in the case that the peer does not send a key length
- attribute for AES encryption.
+ attribute for AES encryption.
- applied Herbert Xu's uniqueIDs patch
@@ -3309,16 +3375,16 @@ strongswan-2.1.0
- The new "ca" section allows to define the following parameters:
ca kool
- cacert=koolCA.pem # cacert of kool CA
- ocspuri=http://ocsp.kool.net:8001 # ocsp server
- ldapserver=ldap.kool.net # default ldap server
- crluri=http://www.kool.net/kool.crl # crl distribution point
- crluri2="ldap:///O=Kool, C= .." # crl distribution point #2
- auto=add # add, ignore
+ cacert=koolCA.pem # cacert of kool CA
+ ocspuri=http://ocsp.kool.net:8001 # ocsp server
+ ldapserver=ldap.kool.net # default ldap server
+ crluri=http://www.kool.net/kool.crl # crl distribution point
+ crluri2="ldap:///O=Kool, C= .." # crl distribution point #2
+ auto=add # add, ignore
The ca definitions can be monitored via the command
- ipsec auto --listcainfos
+ ipsec auto --listcainfos
- Fixed cosmetic corruption of /proc filesystem by integrating
D. Hugh Redelmeier's freeswan-2.06 kernel fixes.
diff --git a/README b/README
index f26e59780..8d8febede 100644
--- a/README
+++ b/README
@@ -57,7 +57,7 @@ Configuration on gateway _moon_:
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
start_action = trap
- }
+ }
}
}
}
@@ -87,7 +87,7 @@ Configuration on gateway _sun_:
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
start_action = trap
- }
+ }
}
}
}
@@ -116,7 +116,7 @@ connections we will use the default IPsec tunnel mode.
| 192.168.0.1 | === | 192.168.0.2 |
moon sun
- Configuration on host _moon_:
+Configuration on host _moon_:
/etc/swanctl/x509ca/strongswanCert.pem
/etc/swanctl/x509/moonCert.pem
@@ -167,7 +167,7 @@ Configuration on host _sun_:
children {
host-host {
start_action = trap
- }
+ }
}
}
}
@@ -215,7 +215,7 @@ Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
@@ -315,7 +315,7 @@ Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
vips = 0.0.0.0
@@ -378,16 +378,16 @@ Configuration on gateway _moon_:
The `swanctl.conf` file additionally contains a `secrets` section defining all
client credentials
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave@strongswan.org
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave@strongswan.org
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
@@ -395,7 +395,7 @@ Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
@@ -416,12 +416,12 @@ Configuration on roadwarrior _carol_:
}
}
- secrets {
- eap-carol {
- id = carol@strongswan.org
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol@strongswan.org
+ secret = Ar3etTnp
+ }
+ }
### Roadwarrior Case with EAP Identity ###
@@ -461,16 +461,16 @@ Configuration on gateway _moon_:
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- eap-dave {
- id = dave
- secret = W7R0g3do
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave
+ secret = W7R0g3do
+ }
+ }
Configuration on roadwarrior _carol_:
@@ -478,7 +478,7 @@ Configuration on roadwarrior _carol_:
/etc/swanctl/swanctl.conf:
- connections {
+ connections {
home {
remote_addrs = moon.strongswan.org
@@ -499,12 +499,12 @@ Configuration on roadwarrior _carol_:
}
}
- secrets {
- eap-carol {
- id = carol
- secret = Ar3etTnp
- }
- }
+ secrets {
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ }
## Generating Certificates and CRLs ##
diff --git a/conf/Makefile.am b/conf/Makefile.am
index eb662c2e0..d7917664b 100644
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@@ -61,13 +61,11 @@ plugins = \
plugins/imc-hcd.opt \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
- plugins/imc-swid.opt \
plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
- plugins/imv-swid.opt \
plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
diff --git a/conf/Makefile.in b/conf/Makefile.in
index e83d3b98f..ae4640068 100644
--- a/conf/Makefile.in
+++ b/conf/Makefile.in
@@ -265,7 +265,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -291,6 +290,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -311,8 +312,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -367,8 +366,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -397,8 +394,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -467,13 +468,11 @@ plugins = \
plugins/imc-hcd.opt \
plugins/imc-os.opt \
plugins/imc-scanner.opt \
- plugins/imc-swid.opt \
plugins/imc-swima.opt \
plugins/imc-test.opt \
plugins/imv-attestation.opt \
plugins/imv-os.opt \
plugins/imv-scanner.opt \
- plugins/imv-swid.opt \
plugins/imv-swima.opt \
plugins/imv-test.opt \
plugins/ipseckey.opt \
diff --git a/conf/options/charon-logging.conf b/conf/options/charon-logging.conf
index 454405985..ed3c027dc 100644
--- a/conf/options/charon-logging.conf
+++ b/conf/options/charon-logging.conf
@@ -4,8 +4,10 @@ charon {
# strongswan.conf(5).
filelog {
- # <filename> is the full path to the log file.
- # <filename> {
+ # <name> may be the full path to the log file if it only contains
+ # characters permitted in section names. Is ignored if path is
+ # specified.
+ # <name> {
# Loglevel for a specific subsystem.
# <subsystem> = <default>
@@ -25,6 +27,11 @@ charon {
# numerical identifier for each IKE_SA.
# ike_name = no
+ # Optional path to the log file. Overrides the section name. Must be
+ # used if the path contains characters that aren't allowed in
+ # section names.
+ # path =
+
# Adds the milliseconds within the current second after the
# timestamp (separated by a dot, so time_format should end with %S
# or %T).
diff --git a/conf/options/charon-logging.opt b/conf/options/charon-logging.opt
index 2bbb5dce4..e850c4487 100644
--- a/conf/options/charon-logging.opt
+++ b/conf/options/charon-logging.opt
@@ -2,33 +2,38 @@ charon.filelog {}
Section to define file loggers, see LOGGER CONFIGURATION in
**strongswan.conf**(5).
-charon.filelog.<filename> { # }
- <filename> is the full path to the log file.
+charon.filelog.<name> { # }
+ <name> may be the full path to the log file if it only contains
+ characters permitted in section names. Is ignored if _path_ is specified.
-charon.filelog.<filename>.default = 1
+charon.filelog.<name>.path =
+ Optional path to the log file. Overrides the section name. Must be used
+ if the path contains characters that aren't allowed in section names.
+
+charon.filelog.<name>.default = 1
Default loglevel.
Specifies the default loglevel to be used for subsystems for which no
specific loglevel is defined.
-charon.filelog.<filename>.<subsystem> = <default>
+charon.filelog.<name>.<subsystem> = <default>
Loglevel for a specific subsystem.
-charon.filelog.<filename>.append = yes
+charon.filelog.<name>.append = yes
If this option is enabled log entries are appended to the existing file.
-charon.filelog.<filename>.flush_line = no
+charon.filelog.<name>.flush_line = no
Enabling this option disables block buffering and enables line buffering.
-charon.filelog.<filename>.ike_name = no
+charon.filelog.<name>.ike_name = no
Prefix each log entry with the connection name and a unique numerical
identifier for each IKE_SA.
-charon.filelog.<filename>.time_format
+charon.filelog.<name>.time_format
Prefix each log entry with a timestamp. The option accepts a format string
as passed to **strftime**(3).
-charon.filelog.<filename>.time_add_ms = no
+charon.filelog.<name>.time_add_ms = no
Adds the milliseconds within the current second after the timestamp
(separated by a dot, so _time_format_ should end with %S or %T).
diff --git a/conf/options/charon.conf b/conf/options/charon.conf
index 93dff172d..857ddde9b 100644
--- a/conf/options/charon.conf
+++ b/conf/options/charon.conf
@@ -274,7 +274,7 @@ charon {
# Buffer size used for crypto benchmark.
# bench_size = 1024
- # Number of iterations to test each algorithm.
+ # Time in ms during which crypto algorithm performance is measured.
# bench_time = 50
# Test crypto algorithms during registration (requires test vectors
diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index fcde5f0b5..8fb64bc25 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -52,7 +52,7 @@ charon.crypto_test.bench_size = 1024
Buffer size used for crypto benchmark.
charon.crypto_test.bench_time = 50
- Number of iterations to test each algorithm.
+ Time in ms during which crypto algorithm performance is measured.
charon.crypto_test.on_add = no
Test crypto algorithms during registration (requires test vectors provided
diff --git a/conf/plugins/bypass-lan.conf b/conf/plugins/bypass-lan.conf
index e470ce68e..ad496db67 100644
--- a/conf/plugins/bypass-lan.conf
+++ b/conf/plugins/bypass-lan.conf
@@ -11,7 +11,7 @@ bypass-lan {
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
- load = no
+ load = yes
}
diff --git a/conf/plugins/dhcp.conf b/conf/plugins/dhcp.conf
index 88bbe36e3..c880cfa59 100644
--- a/conf/plugins/dhcp.conf
+++ b/conf/plugins/dhcp.conf
@@ -17,5 +17,9 @@ dhcp {
# DHCP server unicast or broadcast IP address.
# server = 255.255.255.255
+ # Use the DHCP server port (67) as source port when a unicast server address
+ # is configured.
+ # use_server_port = no
+
}
diff --git a/conf/plugins/dhcp.opt b/conf/plugins/dhcp.opt
index 6b337bc34..7c6d31c87 100644
--- a/conf/plugins/dhcp.opt
+++ b/conf/plugins/dhcp.opt
@@ -15,6 +15,21 @@ charon.plugins.dhcp.identity_lease = no
charon.plugins.dhcp.server = 255.255.255.255
DHCP server unicast or broadcast IP address.
+charon.plugins.dhcp.use_server_port = no
+ Use the DHCP server port (67) as source port when a unicast server address
+ is configured.
+
+ Use the DHCP server port (67) as source port, instead of the DHCP client
+ port (68), when a unicast server address is configured and the plugin acts
+ as relay agent. When replying in this mode the DHCP server will always send
+ packets to the DHCP server port and if no process binds that port an ICMP
+ port unreachables will be sent back, which might be problematic for some
+ DHCP servers. To avoid that, enabling this option will cause the plugin to
+ bind the DHCP server port to send its requests when acting as relay agent.
+ This is not necessary if a DHCP server is already running on the same host
+ and might even cause conflicts (and since the server port is already bound,
+ ICMPs should not be an issue).
+
charon.plugins.dhcp.interface
Interface name the plugin uses for address allocation.
diff --git a/conf/plugins/eap-radius.conf b/conf/plugins/eap-radius.conf
index 5a486114e..24f2eaacd 100644
--- a/conf/plugins/eap-radius.conf
+++ b/conf/plugins/eap-radius.conf
@@ -66,6 +66,10 @@ eap-radius {
# Number of sockets (ports) to use, increase for high load.
# sockets = 1
+ # Whether to include the UDP port in the Called- and Calling-Station-Id
+ # RADIUS attributes.
+ # station_id_with_port = yes
+
dae {
# Enables support for the Dynamic Authorization Extension (RFC 5176).
diff --git a/conf/plugins/eap-radius.opt b/conf/plugins/eap-radius.opt
index f18a74c49..192996c73 100644
--- a/conf/plugins/eap-radius.opt
+++ b/conf/plugins/eap-radius.opt
@@ -108,6 +108,10 @@ charon.plugins.eap-radius.servers {}
charon.plugins.eap-radius.sockets = 1
Number of sockets (ports) to use, increase for high load.
+charon.plugins.eap-radius.station_id_with_port = yes
+ Whether to include the UDP port in the Called- and Calling-Station-Id
+ RADIUS attributes.
+
charon.plugins.eap-radius.xauth {}
Section to configure multiple XAuth authentication rounds via RADIUS.
diff --git a/conf/plugins/imc-swid.conf b/conf/plugins/imc-swid.conf
deleted file mode 100644
index 4893703ad..000000000
--- a/conf/plugins/imc-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imc-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imc-swid.opt b/conf/plugins/imc-swid.opt
deleted file mode 100644
index e622aa683..000000000
--- a/conf/plugins/imc-swid.opt
+++ /dev/null
@@ -1,8 +0,0 @@
-libimcv.plugins.imc-swid.swid_directory = ${prefix}/share
- Directory where SWID tags are located.
-
-libimcv.plugins.imc-swid.swid_pretty = no
- Generate XML-encoded SWID tags with pretty indentation.
-
-libimcv.plugins.imc-swid.swid_full = no
- Include file information in the XML-encoded SWID tags.
diff --git a/conf/plugins/imc-swima.opt b/conf/plugins/imc-swima.opt
index 099a3c80f..daa4ecadd 100644
--- a/conf/plugins/imc-swima.opt
+++ b/conf/plugins/imc-swima.opt
@@ -19,3 +19,6 @@ libimcv.plugins.imc-swima.swid_pretty = no
libimcv.plugins.imc-swima.swid_full = no
Include file information in the XML-encoded SWID tags.
+
+libimcv.plugins.imc-swima.subscriptions = no
+ Accept SW Inventory or SW Events subscriptions.
diff --git a/conf/plugins/imv-swid.conf b/conf/plugins/imv-swid.conf
deleted file mode 100644
index bfd49bd1c..000000000
--- a/conf/plugins/imv-swid.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-imv-swid {
-
- # Whether to load the plugin. Can also be an integer to increase the
- # priority of this plugin.
- load = yes
-
-}
-
diff --git a/conf/plugins/imv-swid.opt b/conf/plugins/imv-swid.opt
deleted file mode 100644
index d451c78ce..000000000
--- a/conf/plugins/imv-swid.opt
+++ /dev/null
@@ -1,5 +0,0 @@
-libimcv.plugins.imv-swid.rest_api_uri =
- HTTP URI of the SWID REST API.
-
-libimcv.plugins.imv-swid.rest_api_timeout = 120
- Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/plugins/tpm.conf b/conf/plugins/tpm.conf
index 222bb7b0a..1be961e89 100644
--- a/conf/plugins/tpm.conf
+++ b/conf/plugins/tpm.conf
@@ -7,5 +7,19 @@ tpm {
# Whether the TPM should be used as RNG.
# use_rng = no
+ tcti {
+
+ # Name of TPM 2.0 TCTI library. Valid values: tabrmd, device or mssim.
+ # Defaults are device if the /dev/tpmrm0 in-kernel TPM 2.0 resource
+ # manager device exists, and tabrmd otherwise, requiring the d-bus based
+ # TPM 2.0 access broker and resource manager to be available.
+ # name = device|tabrmd
+
+ # Options for the TPM 2.0 TCTI library. Defaults are /dev/tpmrm0 if the
+ # TCTI library name is device and no options otherwise.
+ # opts = /dev/tpmrm0|<none>
+
+ }
+
}
diff --git a/conf/plugins/tpm.opt b/conf/plugins/tpm.opt
index cd666dde8..df7adb098 100644
--- a/conf/plugins/tpm.opt
+++ b/conf/plugins/tpm.opt
@@ -1,2 +1,12 @@
charon.plugins.tpm.use_rng = no
Whether the TPM should be used as RNG.
+
+charon.plugins.tpm.tcti.name = device|tabrmd
+ Name of TPM 2.0 TCTI library. Valid values: _tabrmd_, _device_ or _mssim_.
+ Defaults are _device_ if the _/dev/tpmrm0_ in-kernel TPM 2.0 resource manager
+ device exists, and _tabrmd_ otherwise, requiring the d-bus based TPM 2.0
+ access broker and resource manager to be available.
+
+charon.plugins.tpm.tcti.opts = /dev/tpmrm0|<none>
+ Options for the TPM 2.0 TCTI library. Defaults are _/dev/tpmrm0_ if the
+ TCTI library name is _device_ and no options otherwise.
diff --git a/conf/strongswan.conf.5.head.in b/conf/strongswan.conf.5.head.in
index 23454e758..9337c19e2 100644
--- a/conf/strongswan.conf.5.head.in
+++ b/conf/strongswan.conf.5.head.in
@@ -32,13 +32,12 @@ and key/value pairs:
.PP
Values must be terminated by a newline.
.PP
-Comments are possible using the \fB#\fP-character, but be careful: The parser
-implementation is currently limited and does not like brackets in comments.
+Comments are possible using the \fB#\fP-character.
.PP
Section names and keys may contain any printable character except:
.PP
.EX
- . { } # \\n \\t space
+ . , : { } = " # \\n \\t space
.EE
.PP
An example file in this format might look like this:
@@ -60,6 +59,71 @@ An example file in this format might look like this:
.PP
Indentation is optional, you may use tabs or spaces.
+
+.SH REFERENCING OTHER SECTIONS
+It is possible to inherit settings and sections from another section. This
+feature is mainly useful in swanctl.conf (which uses the same file format).
+The syntax is as follows:
+.PP
+.EX
+ section := name : references { settings }
+ references := absname[, absname]*
+ absname := name[.name]*
+.EE
+.PP
+All key/value pairs and all subsections of the referenced sections will be
+inherited by the section that references them via their absolute name. Values
+may be overridden in the section or any of its sub-sections (use an empty
+assignment to clear a value so its default value, if any, will apply). It is
+currently not possible to limit the inclusion level or clear/remove inherited
+sub-sections.
+
+If the order is important (e.g. for auth rounds in a connection, if \fIround\fR
+is not used), it should be noted that inherited settings/sections will follow
+those defined in the current section (if multiple sections are referenced, their
+settings are enumerated left to right).
+
+References are evaluated dynamically at runtime, so referring to sections later
+in the config file or included via other files is no problem.
+
+Here is an example of how this might look like:
+.PP
+.EX
+ conn-defaults {
+ # default settings for all conns (e.g. a cert, or IP pools)
+ }
+ eap-defaults {
+ # defaults if eap is used (e.g. a remote auth round)
+ }
+ child-defaults {
+ # defaults for child configs (e.g. traffic selectors)
+ }
+ connections {
+ conn-a : conn-defaults, eap-defaults {
+ # set/override stuff specific to this connection
+ children {
+ child-a : child-defaults {
+ # set/override stuff specific to this child
+ }
+ }
+ }
+ conn-b : conn-defaults {
+ # set/override stuff specific to this connection
+ children {
+ child-b : child-defaults {
+ # set/override stuff specific to this child
+ }
+ }
+ }
+ conn-c : connections.conn-a {
+ # everything is inherited, including everything conn-a
+ # already inherits from the sections it and its
+ # sub-section reference
+ }
+ }
+.EE
+.PP
+
.SH INCLUDING FILES
Using the
.B include
diff --git a/conf/strongswan.conf.5.main b/conf/strongswan.conf.5.main
index f83211805..486ee5af9 100644
--- a/conf/strongswan.conf.5.main
+++ b/conf/strongswan.conf.5.main
@@ -85,7 +85,7 @@ Buffer size used for crypto benchmark.
.TP
.BR charon.crypto_test.bench_time " [50]"
-Number of iterations to test each algorithm.
+Time in ms during which crypto algorithm performance is measured.
.TP
.BR charon.crypto_test.on_add " [no]"
@@ -155,41 +155,49 @@ Section to define file loggers, see LOGGER CONFIGURATION in
.TP
-.B charon.filelog.<filename>
+.B charon.filelog.<name>
.br
-<filename> is the full path to the log file.
+<name> may be the full path to the log file if it only contains characters
+permitted in section names. Is ignored if
+.RI "" "path" ""
+is specified.
.TP
-.BR charon.filelog.<filename>.<subsystem> " [<default>]"
+.BR charon.filelog.<name>.<subsystem> " [<default>]"
Loglevel for a specific subsystem.
.TP
-.BR charon.filelog.<filename>.append " [yes]"
+.BR charon.filelog.<name>.append " [yes]"
If this option is enabled log entries are appended to the existing file.
.TP
-.BR charon.filelog.<filename>.default " [1]"
+.BR charon.filelog.<name>.default " [1]"
Specifies the default loglevel to be used for subsystems for which no specific
loglevel is defined.
.TP
-.BR charon.filelog.<filename>.flush_line " [no]"
+.BR charon.filelog.<name>.flush_line " [no]"
Enabling this option disables block buffering and enables line buffering.
.TP
-.BR charon.filelog.<filename>.ike_name " [no]"
+.BR charon.filelog.<name>.ike_name " [no]"
Prefix each log entry with the connection name and a unique numerical identifier
for each IKE_SA.
.TP
-.BR charon.filelog.<filename>.time_add_ms " [no]"
+.BR charon.filelog.<name>.path " []"
+Optional path to the log file. Overrides the section name. Must be used if the
+path contains characters that aren't allowed in section names.
+
+.TP
+.BR charon.filelog.<name>.time_add_ms " [no]"
Adds the milliseconds within the current second after the timestamp (separated
by a dot, so
.RI "" "time_format" ""
should end with %S or %T).
.TP
-.BR charon.filelog.<filename>.time_format " []"
+.BR charon.filelog.<name>.time_format " []"
Prefix each log entry with a timestamp. The option accepts a format string as
passed to
.RB "" "strftime" "(3)."
@@ -556,6 +564,18 @@ DHCP server.
DHCP server unicast or broadcast IP address.
.TP
+.BR charon.plugins.dhcp.use_server_port " [no]"
+Use the DHCP server port (67) as source port, instead of the DHCP client port
+(68), when a unicast server address is configured and the plugin acts as relay
+agent. When replying in this mode the DHCP server will always send packets to
+the DHCP server port and if no process binds that port an ICMP port unreachables
+will be sent back, which might be problematic for some DHCP servers. To avoid
+that, enabling this option will cause the plugin to bind the DHCP server port to
+send its requests when acting as relay agent. This is not necessary if a DHCP
+server is already running on the same host and might even cause conflicts (and
+since the server port is already bound, ICMPs should not be an issue).
+
+.TP
.BR charon.plugins.dnscert.enable " [no]"
Enable fetching of CERT RRs via DNS.
@@ -778,6 +798,11 @@ and
Number of sockets (ports) to use, increase for high load.
.TP
+.BR charon.plugins.eap-radius.station_id_with_port " [yes]"
+Whether to include the UDP port in the Called\- and Calling\-Station\-Id RADIUS
+attributes.
+
+.TP
.B charon.plugins.eap-radius.xauth
.br
Section to configure multiple XAuth authentication rounds via RADIUS. The
@@ -1660,6 +1685,32 @@ Send an unsupported PB\-TNC message type with the NOSKIP flag set.
Send a PB\-TNC batch with a modified PB\-TNC version.
.TP
+.BR charon.plugins.tpm.tcti.name " [device|tabrmd]"
+Name of TPM 2.0 TCTI library. Valid values:
+.RI "" "tabrmd" ","
+.RI "" "device" ""
+or
+.RI "" "mssim" "."
+Defaults are
+.RI "" "device" ""
+if the
+.RI "" "/dev/tpmrm0" ""
+in\-kernel TPM 2.0 resource manager
+device exists, and
+.RI "" "tabrmd" ""
+otherwise, requiring the d\-bus based TPM 2.0 access
+broker and resource manager to be available.
+
+.TP
+.BR charon.plugins.tpm.tcti.opts " [/dev/tpmrm0|<none>]"
+Options for the TPM 2.0 TCTI library. Defaults are
+.RI "" "/dev/tpmrm0" ""
+if the TCTI
+library name is
+.RI "" "device" ""
+and no options otherwise.
+
+.TP
.BR charon.plugins.tpm.use_rng " [no]"
Whether the TPM should be used as RNG.
@@ -2191,23 +2242,15 @@ Send operating system info without being prompted.
Send open listening ports without being prompted.
.TP
-.BR libimcv.plugins.imc-swid.swid_directory " [${prefix}/share]"
-Directory where SWID tags are located.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_full " [no]"
-Include file information in the XML\-encoded SWID tags.
-
-.TP
-.BR libimcv.plugins.imc-swid.swid_pretty " [no]"
-Generate XML\-encoded SWID tags with pretty indentation.
-
-.TP
.BR libimcv.plugins.imc-swima.eid_epoch " [0x11223344]"
Set 32 bit epoch value for event IDs manually if software collector database is
not available.
.TP
+.BR libimcv.plugins.imc-swima.subscriptions " [no]"
+Accept SW Inventory or SW Events subscriptions.
+
+.TP
.BR libimcv.plugins.imc-swima.swid_database " []"
URI to software collector database containing event timestamps, software
creation and deletion events and collected software identifiers. If it contains
@@ -2274,14 +2317,6 @@ URI pointing to operating system remediation instructions.
URI pointing to scanner remediation instructions.
.TP
-.BR libimcv.plugins.imv-swid.rest_api_timeout " [120]"
-Timeout of SWID REST API HTTP POST transaction.
-
-.TP
-.BR libimcv.plugins.imv-swid.rest_api_uri " []"
-HTTP URI of the SWID REST API.
-
-.TP
.BR libimcv.plugins.imv-swima.rest_api.timeout " [120]"
Timeout of SWID REST API HTTP POST transaction.
diff --git a/conf/strongswan.conf.5.tail.in b/conf/strongswan.conf.5.tail.in
index a93fe020a..4dd177ca0 100644
--- a/conf/strongswan.conf.5.tail.in
+++ b/conf/strongswan.conf.5.tail.in
@@ -15,12 +15,15 @@ does not have any effect.
There are currently two types of loggers:
.TP
.B File loggers
-Log directly to a file and are defined by specifying the full path to the
-file as subsection in the
+Log directly to a file and are defined by specifying an arbitrarily named
+subsection in the
.B charon.filelog
-section. To log to the console the two special filenames
+section. The full path to the file is configured in the \fIpath\fR setting of
+that subsection, however, if it only contains characters permitted in section
+names, the setting may also be omitted and the path specified as name of the
+subsection. To log to the console the two special filenames
.BR stdout " and " stderr
-can be used.
+may be used.
.TP
.B Syslog loggers
Log into a syslog facility and are defined by specifying the facility to log to
@@ -108,7 +111,8 @@ Also include sensitive material in dumps, e.g. keys
.EX
charon {
filelog {
- /var/log/charon.log {
+ charon {
+ path = /var/log/charon.log
time_format = %b %e %T
append = no
default = 1
@@ -290,7 +294,7 @@ For public key authentication, the responder uses the
identity. For the initiator, each connection attempt uses a different identity
in the form
.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
+where the first number indicates the client number, the second the
authentication round (if multiple authentication rounds are used).
.PP
For PSK authentication, FQDN identities are used. The server uses
diff --git a/config.h.in b/config.h.in
index ba1deb1ce..71fd73abd 100644
--- a/config.h.in
+++ b/config.h.in
@@ -190,9 +190,6 @@
/* have GNU-style qsort_r() */
#undef HAVE_QSORT_R_GNU
-/* Define to 1 if you have the `rb_errinfo' function. */
-#undef HAVE_RB_ERRINFO
-
/* have netlink RTA_TABLE defined */
#undef HAVE_RTA_TABLE
@@ -325,6 +322,12 @@
/* Define to 1 if strerror_r returns char *. */
#undef STRERROR_R_CHAR_P
+/* use TSS2 v2 Extended System API */
+#undef TSS2_ESYS
+
+/* use TSS2 v2 System API */
+#undef TSS2_SYS
+
/* use TCTI Sockets */
#undef TSS2_TCTI_SOCKET
@@ -334,8 +337,11 @@
/* use TrouSerS library libtspi */
#undef TSS_TROUSERS
-/* use TSS 2.0 libraries */
-#undef TSS_TSS2
+/* use TSS 2.0 v1 libraries */
+#undef TSS_TSS2_V1
+
+/* use TSS 2.0 v2 libraries */
+#undef TSS_TSS2_V2
/* using builtin printf for printf hooks */
#undef USE_BUILTIN_PRINTF
diff --git a/configure b/configure
index 581039dbd..fa4651fef 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for strongSwan 5.6.3.
+# Generated by GNU Autoconf 2.69 for strongSwan 5.7.0.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='strongSwan'
PACKAGE_TARNAME='strongswan'
-PACKAGE_VERSION='5.6.3'
-PACKAGE_STRING='strongSwan 5.6.3'
+PACKAGE_VERSION='5.7.0'
+PACKAGE_STRING='strongSwan 5.7.0'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -735,8 +735,6 @@ USE_MANAGER_FALSE
USE_MANAGER_TRUE
USE_FAST_FALSE
USE_FAST_TRUE
-USE_DUMM_FALSE
-USE_DUMM_TRUE
USE_LOCK_PROFILER_FALSE
USE_LOCK_PROFILER_TRUE
USE_LEAK_DETECTIVE_FALSE
@@ -777,10 +775,6 @@ USE_IMV_SWIMA_FALSE
USE_IMV_SWIMA_TRUE
USE_IMC_SWIMA_FALSE
USE_IMC_SWIMA_TRUE
-USE_IMV_SWID_FALSE
-USE_IMV_SWID_TRUE
-USE_IMC_SWID_FALSE
-USE_IMC_SWID_TRUE
USE_IMV_ATTESTATION_FALSE
USE_IMV_ATTESTATION_TRUE
USE_IMC_ATTESTATION_FALSE
@@ -949,6 +943,8 @@ USE_KEYCHAIN_FALSE
USE_KEYCHAIN_TRUE
USE_AGENT_FALSE
USE_AGENT_TRUE
+USE_BOTAN_FALSE
+USE_BOTAN_TRUE
USE_GCRYPT_FALSE
USE_GCRYPT_TRUE
USE_OPENSSL_FALSE
@@ -1085,16 +1081,13 @@ nm_LIBS
nm_CFLAGS
pcsclite_LIBS
pcsclite_CFLAGS
+botan_LIBS
+botan_CFLAGS
OPENSSL_LIB
MYSQLCFLAG
MYSQLCONFIG
MYSQLLIB
clearsilver_LIBS
-ruby_LIBS
-ruby_CFLAGS
-RUBY
-gtk_LIBS
-gtk_CFLAGS
json_LIBS
json_CFLAGS
tss2_LIBS
@@ -1103,6 +1096,10 @@ tss2_socket_LIBS
tss2_socket_CFLAGS
tss2_tabrmd_LIBS
tss2_tabrmd_CFLAGS
+tss2_esys_LIBS
+tss2_esys_CFLAGS
+tss2_sys_LIBS
+tss2_sys_CFLAGS
systemd_journal_LIBS
systemd_journal_CFLAGS
systemd_daemon_LIBS
@@ -1325,6 +1322,7 @@ enable_aes
enable_af_alg
enable_bliss
enable_blowfish
+enable_botan
enable_ccm
enable_chapoly
enable_cmac
@@ -1436,8 +1434,6 @@ enable_imc_os
enable_imv_os
enable_imc_attestation
enable_imv_attestation
-enable_imc_swid
-enable_imv_swid
enable_imc_swima
enable_imv_swima
enable_imc_hcd
@@ -1471,7 +1467,6 @@ enable_aikgen
enable_charon
enable_cmd
enable_conftest
-enable_dumm
enable_fast
enable_fuzzing
enable_libipsec
@@ -1545,16 +1540,18 @@ systemd_daemon_CFLAGS
systemd_daemon_LIBS
systemd_journal_CFLAGS
systemd_journal_LIBS
+tss2_sys_CFLAGS
+tss2_sys_LIBS
+tss2_esys_CFLAGS
+tss2_esys_LIBS
tss2_tabrmd_CFLAGS
tss2_tabrmd_LIBS
tss2_socket_CFLAGS
tss2_socket_LIBS
json_CFLAGS
json_LIBS
-gtk_CFLAGS
-gtk_LIBS
-ruby_CFLAGS
-ruby_LIBS
+botan_CFLAGS
+botan_LIBS
pcsclite_CFLAGS
pcsclite_LIBS
nm_CFLAGS
@@ -2111,7 +2108,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures strongSwan 5.6.3 to adapt to many kinds of systems.
+\`configure' configures strongSwan 5.7.0 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -2182,7 +2179,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of strongSwan 5.6.3:";;
+ short | recursive ) echo "Configuration of strongSwan 5.7.0:";;
esac
cat <<\_ACEOF
@@ -2197,6 +2194,7 @@ Optional Features:
--enable-af-alg enable AF_ALG crypto interface to Linux Crypto API.
--enable-bliss enable BLISS software implementation plugin.
--enable-blowfish enable Blowfish software implementation plugin.
+ --enable-botan enables the Botan crypto plugin.
--enable-ccm enables the CCM AEAD wrapper crypto plugin.
--enable-chapoly enables the ChaCha20/Poly1305 AEAD plugin.
--disable-cmac disable CMAC crypto implementation plugin.
@@ -2338,8 +2336,6 @@ Optional Features:
enable IMC attestation module.
--enable-imv-attestation
enable IMV attestation module.
- --enable-imc-swid enable IMC swid module.
- --enable-imv-swid enable IMV swid module.
--enable-imc-swima enable IMC swima module.
--enable-imv-swima enable IMV swima module.
--enable-imc-hcd enable IMC hcd module.
@@ -2385,7 +2381,6 @@ Optional Features:
--disable-charon disable the IKEv1/IKEv2 keying daemon charon.
--enable-cmd enable the command line IKE client charon-cmd.
--enable-conftest enforce Suite B conformance test framework.
- --enable-dumm enable the DUMM UML test framework.
--enable-fast enable libfast (FastCGI Application Server w/
templates.
--enable-fuzzing enable fuzzing scripts (found in directory fuzz).
@@ -2573,6 +2568,14 @@ Some influential environment variables:
C compiler flags for systemd_journal, overriding pkg-config
systemd_journal_LIBS
linker flags for systemd_journal, overriding pkg-config
+ tss2_sys_CFLAGS
+ C compiler flags for tss2_sys, overriding pkg-config
+ tss2_sys_LIBS
+ linker flags for tss2_sys, overriding pkg-config
+ tss2_esys_CFLAGS
+ C compiler flags for tss2_esys, overriding pkg-config
+ tss2_esys_LIBS
+ linker flags for tss2_esys, overriding pkg-config
tss2_tabrmd_CFLAGS
C compiler flags for tss2_tabrmd, overriding pkg-config
tss2_tabrmd_LIBS
@@ -2583,10 +2586,9 @@ Some influential environment variables:
linker flags for tss2_socket, overriding pkg-config
json_CFLAGS C compiler flags for json, overriding pkg-config
json_LIBS linker flags for json, overriding pkg-config
- gtk_CFLAGS C compiler flags for gtk, overriding pkg-config
- gtk_LIBS linker flags for gtk, overriding pkg-config
- ruby_CFLAGS C compiler flags for ruby, overriding pkg-config
- ruby_LIBS linker flags for ruby, overriding pkg-config
+ botan_CFLAGS
+ C compiler flags for botan, overriding pkg-config
+ botan_LIBS linker flags for botan, overriding pkg-config
pcsclite_CFLAGS
C compiler flags for pcsclite, overriding pkg-config
pcsclite_LIBS
@@ -2664,7 +2666,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-strongSwan configure 5.6.3
+strongSwan configure 5.7.0
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3186,7 +3188,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by strongSwan $as_me 5.6.3, which was
+It was created by strongSwan $as_me 5.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -4049,7 +4051,7 @@ fi
# Define the identity of the package.
PACKAGE='strongswan'
- VERSION='5.6.3'
+ VERSION='5.7.0'
cat >>confdefs.h <<_ACEOF
@@ -4999,6 +5001,22 @@ fi
disabled_by_default=${disabled_by_default}" blowfish"
+# Check whether --enable-botan was given.
+if test "${enable_botan+set}" = set; then :
+ enableval=$enable_botan; botan_given=true
+ if test x$enableval = xyes; then
+ botan=true
+ else
+ botan=false
+ fi
+else
+ botan=false
+ botan_given=false
+
+fi
+
+ disabled_by_default=${disabled_by_default}" botan"
+
# Check whether --enable-ccm was given.
if test "${enable_ccm+set}" = set; then :
enableval=$enable_ccm; ccm_given=true
@@ -6783,38 +6801,6 @@ fi
disabled_by_default=${disabled_by_default}" imv_attestation"
-# Check whether --enable-imc-swid was given.
-if test "${enable_imc_swid+set}" = set; then :
- enableval=$enable_imc_swid; imc_swid_given=true
- if test x$enableval = xyes; then
- imc_swid=true
- else
- imc_swid=false
- fi
-else
- imc_swid=false
- imc_swid_given=false
-
-fi
-
- disabled_by_default=${disabled_by_default}" imc_swid"
-
-# Check whether --enable-imv-swid was given.
-if test "${enable_imv_swid+set}" = set; then :
- enableval=$enable_imv_swid; imv_swid_given=true
- if test x$enableval = xyes; then
- imv_swid=true
- else
- imv_swid=false
- fi
-else
- imv_swid=false
- imv_swid_given=false
-
-fi
-
- disabled_by_default=${disabled_by_default}" imv_swid"
-
# Check whether --enable-imc-swima was given.
if test "${enable_imc_swima+set}" = set; then :
enableval=$enable_imc_swima; imc_swima_given=true
@@ -7345,22 +7331,6 @@ fi
disabled_by_default=${disabled_by_default}" conftest"
-# Check whether --enable-dumm was given.
-if test "${enable_dumm+set}" = set; then :
- enableval=$enable_dumm; dumm_given=true
- if test x$enableval = xyes; then
- dumm=true
- else
- dumm=false
- fi
-else
- dumm=false
- dumm_given=false
-
-fi
-
- disabled_by_default=${disabled_by_default}" dumm"
-
# Check whether --enable-fast was given.
if test "${enable_fast+set}" = set; then :
enableval=$enable_fast; fast_given=true
@@ -18194,7 +18164,7 @@ if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then
radius=true;
fi
-if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
+if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_20 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
tnc_tnccs=true;
fi
@@ -18202,7 +18172,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t
tls=true;
fi
-if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
+if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
imcv=true;
fi
@@ -21028,6 +20998,152 @@ fi
if test x$tss_tss2 = xtrue; then
pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_sys" >&5
+$as_echo_n "checking for tss2_sys... " >&6; }
+
+if test -n "$tss2_sys_CFLAGS"; then
+ pkg_cv_tss2_sys_CFLAGS="$tss2_sys_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-sys") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_tss2_sys_CFLAGS=`$PKG_CONFIG --cflags "tss2-sys" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$tss2_sys_LIBS"; then
+ pkg_cv_tss2_sys_LIBS="$tss2_sys_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-sys\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-sys") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_tss2_sys_LIBS=`$PKG_CONFIG --libs "tss2-sys" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ tss2_sys_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tss2-sys" 2>&1`
+ else
+ tss2_sys_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tss2-sys" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$tss2_sys_PKG_ERRORS" >&5
+
+ tss2_sys=false
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ tss2_sys=false
+else
+ tss2_sys_CFLAGS=$pkg_cv_tss2_sys_CFLAGS
+ tss2_sys_LIBS=$pkg_cv_tss2_sys_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ tss2_sys=true;
+$as_echo "#define TSS2_SYS /**/" >>confdefs.h
+
+fi
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_esys" >&5
+$as_echo_n "checking for tss2_esys... " >&6; }
+
+if test -n "$tss2_esys_CFLAGS"; then
+ pkg_cv_tss2_esys_CFLAGS="$tss2_esys_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-esys") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_tss2_esys_CFLAGS=`$PKG_CONFIG --cflags "tss2-esys" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$tss2_esys_LIBS"; then
+ pkg_cv_tss2_esys_LIBS="$tss2_esys_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"tss2-esys\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "tss2-esys") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_tss2_esys_LIBS=`$PKG_CONFIG --libs "tss2-esys" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ tss2_esys_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "tss2-esys" 2>&1`
+ else
+ tss2_esys_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "tss2-esys" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$tss2_esys_PKG_ERRORS" >&5
+
+ tss2_esys=false
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ tss2_esys=false
+else
+ tss2_esys_CFLAGS=$pkg_cv_tss2_esys_CFLAGS
+ tss2_esys_LIBS=$pkg_cv_tss2_esys_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ tss2_esys=true;
+$as_echo "#define TSS2_ESYS /**/" >>confdefs.h
+
+fi
+
+pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss2_tabrmd" >&5
$as_echo_n "checking for tss2_tabrmd... " >&6; }
@@ -21172,9 +21288,17 @@ $as_echo "yes" >&6; }
$as_echo "#define TSS2_TCTI_SOCKET /**/" >>confdefs.h
fi
- if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ if test x$tss2_sys = xtrue; then
+
+$as_echo "#define TSS_TSS2_V2 /**/" >>confdefs.h
-$as_echo "#define TSS_TSS2 /**/" >>confdefs.h
+ tss2_CFLAGS="$tss2_sys_CFLAGS"
+
+ tss2_LIBS="$tss2_sys_LIBS"
+
+ elif test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+
+$as_echo "#define TSS_TSS2_V1 /**/" >>confdefs.h
tss2_CFLAGS="$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS"
@@ -21183,12 +21307,12 @@ $as_echo "#define TSS_TSS2 /**/" >>confdefs.h
else
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "no TSS2 TCTI library detected
+as_fn_error $? "no TSS2 TCTI or SAPI libraries detected
See \`config.log' for more details" "$LINENO" 5; }
fi
fi
-if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then
+if test x$imc_swima = xtrue -o $imv_swima = xtrue; then
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for json" >&5
@@ -21444,249 +21568,6 @@ fi
fi
-if test x$dumm = xtrue; then
-
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk" >&5
-$as_echo_n "checking for gtk... " >&6; }
-
-if test -n "$gtk_CFLAGS"; then
- pkg_cv_gtk_CFLAGS="$gtk_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
- ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_gtk_CFLAGS=`$PKG_CONFIG --cflags "gtk+-2.0 vte" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$gtk_LIBS"; then
- pkg_cv_gtk_LIBS="$gtk_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk+-2.0 vte\""; } >&5
- ($PKG_CONFIG --exists --print-errors "gtk+-2.0 vte") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_gtk_LIBS=`$PKG_CONFIG --libs "gtk+-2.0 vte" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- gtk_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
- else
- gtk_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gtk+-2.0 vte" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$gtk_PKG_ERRORS" >&5
-
- as_fn_error $? "Package requirements (gtk+-2.0 vte) were not met:
-
-$gtk_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables gtk_CFLAGS
-and gtk_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables gtk_CFLAGS
-and gtk_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
- gtk_CFLAGS=$pkg_cv_gtk_CFLAGS
- gtk_LIBS=$pkg_cv_gtk_LIBS
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-fi
-
-
- for ac_prog in ruby
-do
- # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_RUBY+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test -n "$RUBY"; then
- ac_cv_prog_RUBY="$RUBY" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
- IFS=$as_save_IFS
- test -z "$as_dir" && as_dir=.
- for ac_exec_ext in '' $ac_executable_extensions; do
- if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
- ac_cv_prog_RUBY="$ac_prog"
- $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
- break 2
- fi
-done
- done
-IFS=$as_save_IFS
-
-fi
-fi
-RUBY=$ac_cv_prog_RUBY
-if test -n "$RUBY"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RUBY" >&5
-$as_echo "$RUBY" >&6; }
-else
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
- test -n "$RUBY" && break
-done
-
-
-pkg_failed=no
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ruby" >&5
-$as_echo_n "checking for ruby... " >&6; }
-
-if test -n "$ruby_CFLAGS"; then
- pkg_cv_ruby_CFLAGS="$ruby_CFLAGS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5
- ($PKG_CONFIG --exists --print-errors "ruby") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_ruby_CFLAGS=`$PKG_CONFIG --cflags "ruby" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-if test -n "$ruby_LIBS"; then
- pkg_cv_ruby_LIBS="$ruby_LIBS"
- elif test -n "$PKG_CONFIG"; then
- if test -n "$PKG_CONFIG" && \
- { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"ruby\""; } >&5
- ($PKG_CONFIG --exists --print-errors "ruby") 2>&5
- ac_status=$?
- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
- test $ac_status = 0; }; then
- pkg_cv_ruby_LIBS=`$PKG_CONFIG --libs "ruby" 2>/dev/null`
- test "x$?" != "x0" && pkg_failed=yes
-else
- pkg_failed=yes
-fi
- else
- pkg_failed=untried
-fi
-
-
-
-if test $pkg_failed = yes; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
- _pkg_short_errors_supported=yes
-else
- _pkg_short_errors_supported=no
-fi
- if test $_pkg_short_errors_supported = yes; then
- ruby_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "ruby" 2>&1`
- else
- ruby_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "ruby" 2>&1`
- fi
- # Put the nasty error message in config.log where it belongs
- echo "$ruby_PKG_ERRORS" >&5
-
- as_fn_error $? "Package requirements (ruby) were not met:
-
-$ruby_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables ruby_CFLAGS
-and ruby_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details." "$LINENO" 5
-elif test $pkg_failed = untried; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables ruby_CFLAGS
-and ruby_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
-else
- ruby_CFLAGS=$pkg_cv_ruby_CFLAGS
- ruby_LIBS=$pkg_cv_ruby_LIBS
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-
-fi
- saved_LIBS=$LIBS
- LIBS=$ruby_LIBS
- for ac_func in rb_errinfo
-do :
- ac_fn_c_check_func "$LINENO" "rb_errinfo" "ac_cv_func_rb_errinfo"
-if test "x$ac_cv_func_rb_errinfo" = xyes; then :
- cat >>confdefs.h <<_ACEOF
-#define HAVE_RB_ERRINFO 1
-_ACEOF
-
-fi
-done
-
- LIBS=$saved_LIBS
-fi
-
if test x$fast = xtrue; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for hdf_init in -lneo_utl" >&5
$as_echo_n "checking for hdf_init in -lneo_utl... " >&6; }
@@ -22228,6 +22109,102 @@ fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
+if test x$botan = xtrue; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for botan" >&5
+$as_echo_n "checking for botan... " >&6; }
+
+if test -n "$botan_CFLAGS"; then
+ pkg_cv_botan_CFLAGS="$botan_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"botan-2\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "botan-2") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_botan_CFLAGS=`$PKG_CONFIG --cflags "botan-2" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$botan_LIBS"; then
+ pkg_cv_botan_LIBS="$botan_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"botan-2\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "botan-2") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_botan_LIBS=`$PKG_CONFIG --libs "botan-2" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ botan_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "botan-2" 2>&1`
+ else
+ botan_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "botan-2" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$botan_PKG_ERRORS" >&5
+
+ as_fn_error $? "Package requirements (botan-2) were not met:
+
+$botan_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+Alternatively, you may set the environment variables botan_CFLAGS
+and botan_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details." "$LINENO" 5
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+Alternatively, you may set the environment variables botan_CFLAGS
+and botan_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ botan_CFLAGS=$pkg_cv_botan_CFLAGS
+ botan_LIBS=$pkg_cv_botan_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+fi
+
+
+fi
+
if test x$uci = xtrue; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uci_alloc_context in -luci" >&5
$as_echo_n "checking for uci_alloc_context in -luci... " >&6; }
@@ -23738,6 +23715,21 @@ if test x$gcrypt = xtrue; then
fi
+if test x$botan = xtrue; then
+ s_plugins=${s_plugins}" botan"
+ charon_plugins=${charon_plugins}" botan"
+ scepclient_plugins=${scepclient_plugins}" botan"
+ pki_plugins=${pki_plugins}" botan"
+ scripts_plugins=${scripts_plugins}" botan"
+ manager_plugins=${manager_plugins}" botan"
+ medsrv_plugins=${medsrv_plugins}" botan"
+ attest_plugins=${attest_plugins}" botan"
+ nm_plugins=${nm_plugins}" botan"
+ cmd_plugins=${cmd_plugins}" botan"
+ aikgen_plugins=${aikgen_plugins}" botan"
+
+ fi
+
if test x$af_alg = xtrue; then
s_plugins=${s_plugins}" af-alg"
charon_plugins=${charon_plugins}" af-alg"
@@ -24825,6 +24817,14 @@ else
USE_GCRYPT_FALSE=
fi
+ if test x$botan = xtrue; then
+ USE_BOTAN_TRUE=
+ USE_BOTAN_FALSE='#'
+else
+ USE_BOTAN_TRUE='#'
+ USE_BOTAN_FALSE=
+fi
+
if test x$agent = xtrue; then
USE_AGENT_TRUE=
USE_AGENT_FALSE='#'
@@ -25500,22 +25500,6 @@ else
USE_IMV_ATTESTATION_FALSE=
fi
- if test x$imc_swid = xtrue; then
- USE_IMC_SWID_TRUE=
- USE_IMC_SWID_FALSE='#'
-else
- USE_IMC_SWID_TRUE='#'
- USE_IMC_SWID_FALSE=
-fi
-
- if test x$imv_swid = xtrue; then
- USE_IMV_SWID_TRUE=
- USE_IMV_SWID_FALSE='#'
-else
- USE_IMV_SWID_TRUE='#'
- USE_IMV_SWID_FALSE=
-fi
-
if test x$imc_swima = xtrue; then
USE_IMC_SWIMA_TRUE=
USE_IMC_SWIMA_FALSE='#'
@@ -25679,14 +25663,6 @@ else
USE_LOCK_PROFILER_FALSE=
fi
- if test x$dumm = xtrue; then
- USE_DUMM_TRUE=
- USE_DUMM_FALSE='#'
-else
- USE_DUMM_TRUE='#'
- USE_DUMM_FALSE=
-fi
-
if test x$fast = xtrue; then
USE_FAST_TRUE=
USE_FAST_FALSE='#'
@@ -26140,7 +26116,7 @@ if test x$fuzzing = xtrue; then
$as_echo "#define USE_FUZZING /**/" >>confdefs.h
fi
-if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then
+if test x$imc_swima = xtrue -o x$imv_swima = xtrue; then
$as_echo "#define USE_JSON /**/" >>confdefs.h
@@ -26201,7 +26177,7 @@ fi
# build Makefiles
# =================
-ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swid/Makefile src/libimcv/plugins/imv_swid/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp/tests/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/dumm/Makefile src/dumm/ext/extconf.rb src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
+ac_config_files="$ac_config_files Makefile conf/Makefile fuzz/Makefile man/Makefile init/Makefile init/systemd/Makefile init/systemd-swanctl/Makefile src/Makefile src/include/Makefile src/libstrongswan/Makefile src/libstrongswan/math/libnttfft/Makefile src/libstrongswan/math/libnttfft/tests/Makefile src/libstrongswan/plugins/aes/Makefile src/libstrongswan/plugins/cmac/Makefile src/libstrongswan/plugins/des/Makefile src/libstrongswan/plugins/blowfish/Makefile src/libstrongswan/plugins/rc2/Makefile src/libstrongswan/plugins/md4/Makefile src/libstrongswan/plugins/md5/Makefile src/libstrongswan/plugins/sha1/Makefile src/libstrongswan/plugins/sha2/Makefile src/libstrongswan/plugins/sha3/Makefile src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/curve25519/Makefile src/libstrongswan/plugins/rdrand/Makefile src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/random/Makefile src/libstrongswan/plugins/nonce/Makefile src/libstrongswan/plugins/hmac/Makefile src/libstrongswan/plugins/xcbc/Makefile src/libstrongswan/plugins/x509/Makefile src/libstrongswan/plugins/revocation/Makefile src/libstrongswan/plugins/constraints/Makefile src/libstrongswan/plugins/acert/Makefile src/libstrongswan/plugins/pubkey/Makefile src/libstrongswan/plugins/pkcs1/Makefile src/libstrongswan/plugins/pkcs7/Makefile src/libstrongswan/plugins/pkcs8/Makefile src/libstrongswan/plugins/pkcs12/Makefile src/libstrongswan/plugins/pgp/Makefile src/libstrongswan/plugins/dnskey/Makefile src/libstrongswan/plugins/sshkey/Makefile src/libstrongswan/plugins/pem/Makefile src/libstrongswan/plugins/curl/Makefile src/libstrongswan/plugins/files/Makefile src/libstrongswan/plugins/winhttp/Makefile src/libstrongswan/plugins/unbound/Makefile src/libstrongswan/plugins/soup/Makefile src/libstrongswan/plugins/ldap/Makefile src/libstrongswan/plugins/mysql/Makefile src/libstrongswan/plugins/sqlite/Makefile src/libstrongswan/plugins/padlock/Makefile src/libstrongswan/plugins/openssl/Makefile src/libstrongswan/plugins/gcrypt/Makefile src/libstrongswan/plugins/botan/Makefile src/libstrongswan/plugins/agent/Makefile src/libstrongswan/plugins/keychain/Makefile src/libstrongswan/plugins/pkcs11/Makefile src/libstrongswan/plugins/chapoly/Makefile src/libstrongswan/plugins/ctr/Makefile src/libstrongswan/plugins/ccm/Makefile src/libstrongswan/plugins/gcm/Makefile src/libstrongswan/plugins/af_alg/Makefile src/libstrongswan/plugins/ntru/Makefile src/libstrongswan/plugins/bliss/Makefile src/libstrongswan/plugins/bliss/tests/Makefile src/libstrongswan/plugins/newhope/Makefile src/libstrongswan/plugins/newhope/tests/Makefile src/libstrongswan/plugins/test_vectors/Makefile src/libstrongswan/tests/Makefile src/libipsec/Makefile src/libipsec/tests/Makefile src/libsimaka/Makefile src/libtls/Makefile src/libtls/tests/Makefile src/libradius/Makefile src/libtncif/Makefile src/libtnccs/Makefile src/libtnccs/plugins/tnc_tnccs/Makefile src/libtnccs/plugins/tnc_imc/Makefile src/libtnccs/plugins/tnc_imv/Makefile src/libtnccs/plugins/tnccs_11/Makefile src/libtnccs/plugins/tnccs_20/Makefile src/libtnccs/plugins/tnccs_dynamic/Makefile src/libpttls/Makefile src/libimcv/Makefile src/libimcv/plugins/imc_test/Makefile src/libimcv/plugins/imv_test/Makefile src/libimcv/plugins/imc_scanner/Makefile src/libimcv/plugins/imv_scanner/Makefile src/libimcv/plugins/imc_os/Makefile src/libimcv/plugins/imv_os/Makefile src/libimcv/plugins/imc_attestation/Makefile src/libimcv/plugins/imv_attestation/Makefile src/libimcv/plugins/imc_swima/Makefile src/libimcv/plugins/imv_swima/Makefile src/libimcv/plugins/imc_hcd/Makefile src/libimcv/plugins/imv_hcd/Makefile src/charon/Makefile src/charon-nm/Makefile src/charon-tkm/Makefile src/charon-cmd/Makefile src/charon-svc/Makefile src/charon-systemd/Makefile src/libcharon/Makefile src/libcharon/plugins/eap_aka/Makefile src/libcharon/plugins/eap_aka_3gpp/Makefile src/libcharon/plugins/eap_aka_3gpp/tests/Makefile src/libcharon/plugins/eap_aka_3gpp2/Makefile src/libcharon/plugins/eap_dynamic/Makefile src/libcharon/plugins/eap_identity/Makefile src/libcharon/plugins/eap_md5/Makefile src/libcharon/plugins/eap_gtc/Makefile src/libcharon/plugins/eap_sim/Makefile src/libcharon/plugins/eap_sim_file/Makefile src/libcharon/plugins/eap_sim_pcsc/Makefile src/libcharon/plugins/eap_simaka_sql/Makefile src/libcharon/plugins/eap_simaka_pseudonym/Makefile src/libcharon/plugins/eap_simaka_reauth/Makefile src/libcharon/plugins/eap_mschapv2/Makefile src/libcharon/plugins/eap_tls/Makefile src/libcharon/plugins/eap_ttls/Makefile src/libcharon/plugins/eap_peap/Makefile src/libcharon/plugins/eap_tnc/Makefile src/libcharon/plugins/eap_radius/Makefile src/libcharon/plugins/xauth_generic/Makefile src/libcharon/plugins/xauth_eap/Makefile src/libcharon/plugins/xauth_pam/Makefile src/libcharon/plugins/xauth_noauth/Makefile src/libcharon/plugins/tnc_ifmap/Makefile src/libcharon/plugins/tnc_pdp/Makefile src/libcharon/plugins/save_keys/Makefile src/libcharon/plugins/socket_default/Makefile src/libcharon/plugins/socket_dynamic/Makefile src/libcharon/plugins/socket_win/Makefile src/libcharon/plugins/bypass_lan/Makefile src/libcharon/plugins/connmark/Makefile src/libcharon/plugins/counters/Makefile src/libcharon/plugins/forecast/Makefile src/libcharon/plugins/farp/Makefile src/libcharon/plugins/smp/Makefile src/libcharon/plugins/sql/Makefile src/libcharon/plugins/dnscert/Makefile src/libcharon/plugins/ipseckey/Makefile src/libcharon/plugins/medsrv/Makefile src/libcharon/plugins/medcli/Makefile src/libcharon/plugins/addrblock/Makefile src/libcharon/plugins/unity/Makefile src/libcharon/plugins/uci/Makefile src/libcharon/plugins/ha/Makefile src/libcharon/plugins/kernel_netlink/Makefile src/libcharon/plugins/kernel_pfkey/Makefile src/libcharon/plugins/kernel_pfroute/Makefile src/libcharon/plugins/kernel_libipsec/Makefile src/libcharon/plugins/kernel_wfp/Makefile src/libcharon/plugins/kernel_iph/Makefile src/libcharon/plugins/whitelist/Makefile src/libcharon/plugins/ext_auth/Makefile src/libcharon/plugins/lookip/Makefile src/libcharon/plugins/error_notify/Makefile src/libcharon/plugins/certexpire/Makefile src/libcharon/plugins/systime_fix/Makefile src/libcharon/plugins/led/Makefile src/libcharon/plugins/duplicheck/Makefile src/libcharon/plugins/coupling/Makefile src/libcharon/plugins/radattr/Makefile src/libcharon/plugins/osx_attr/Makefile src/libcharon/plugins/p_cscf/Makefile src/libcharon/plugins/android_dns/Makefile src/libcharon/plugins/android_log/Makefile src/libcharon/plugins/stroke/Makefile src/libcharon/plugins/vici/Makefile src/libcharon/plugins/vici/ruby/Makefile src/libcharon/plugins/vici/perl/Makefile src/libcharon/plugins/vici/python/Makefile src/libcharon/plugins/updown/Makefile src/libcharon/plugins/dhcp/Makefile src/libcharon/plugins/load_tester/Makefile src/libcharon/plugins/resolve/Makefile src/libcharon/plugins/attr/Makefile src/libcharon/plugins/attr_sql/Makefile src/libcharon/tests/Makefile src/libtpmtss/Makefile src/libtpmtss/plugins/tpm/Makefile src/stroke/Makefile src/ipsec/Makefile src/starter/Makefile src/starter/tests/Makefile src/_updown/Makefile src/_copyright/Makefile src/scepclient/Makefile src/aikgen/Makefile src/tpm_extendpcr/Makefile src/pki/Makefile src/pki/man/Makefile src/pool/Makefile src/libfast/Makefile src/manager/Makefile src/medsrv/Makefile src/checksum/Makefile src/conftest/Makefile src/pt-tls-client/Makefile src/sw-collector/Makefile src/sec-updater/Makefile src/swanctl/Makefile scripts/Makefile testing/Makefile"
# =================
@@ -26553,6 +26529,10 @@ if test -z "${USE_GCRYPT_TRUE}" && test -z "${USE_GCRYPT_FALSE}"; then
as_fn_error $? "conditional \"USE_GCRYPT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
+if test -z "${USE_BOTAN_TRUE}" && test -z "${USE_BOTAN_FALSE}"; then
+ as_fn_error $? "conditional \"USE_BOTAN\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
if test -z "${USE_AGENT_TRUE}" && test -z "${USE_AGENT_FALSE}"; then
as_fn_error $? "conditional \"USE_AGENT\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26889,14 +26869,6 @@ if test -z "${USE_IMV_ATTESTATION_TRUE}" && test -z "${USE_IMV_ATTESTATION_FALSE
as_fn_error $? "conditional \"USE_IMV_ATTESTATION\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-if test -z "${USE_IMC_SWID_TRUE}" && test -z "${USE_IMC_SWID_FALSE}"; then
- as_fn_error $? "conditional \"USE_IMC_SWID\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
-if test -z "${USE_IMV_SWID_TRUE}" && test -z "${USE_IMV_SWID_FALSE}"; then
- as_fn_error $? "conditional \"USE_IMV_SWID\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
if test -z "${USE_IMC_SWIMA_TRUE}" && test -z "${USE_IMC_SWIMA_FALSE}"; then
as_fn_error $? "conditional \"USE_IMC_SWIMA\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -26977,10 +26949,6 @@ if test -z "${USE_LOCK_PROFILER_TRUE}" && test -z "${USE_LOCK_PROFILER_FALSE}";
as_fn_error $? "conditional \"USE_LOCK_PROFILER\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
fi
-if test -z "${USE_DUMM_TRUE}" && test -z "${USE_DUMM_FALSE}"; then
- as_fn_error $? "conditional \"USE_DUMM\" was never defined.
-Usually this means the macro was only invoked conditionally." "$LINENO" 5
-fi
if test -z "${USE_FAST_TRUE}" && test -z "${USE_FAST_FALSE}"; then
as_fn_error $? "conditional \"USE_FAST\" was never defined.
Usually this means the macro was only invoked conditionally." "$LINENO" 5
@@ -27582,7 +27550,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by strongSwan $as_me 5.6.3, which was
+This file was extended by strongSwan $as_me 5.7.0, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -27648,7 +27616,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-strongSwan config.status 5.6.3
+strongSwan config.status 5.7.0
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
@@ -28119,6 +28087,7 @@ do
"src/libstrongswan/plugins/padlock/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/padlock/Makefile" ;;
"src/libstrongswan/plugins/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/openssl/Makefile" ;;
"src/libstrongswan/plugins/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/gcrypt/Makefile" ;;
+ "src/libstrongswan/plugins/botan/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/botan/Makefile" ;;
"src/libstrongswan/plugins/agent/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/agent/Makefile" ;;
"src/libstrongswan/plugins/keychain/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/keychain/Makefile" ;;
"src/libstrongswan/plugins/pkcs11/Makefile") CONFIG_FILES="$CONFIG_FILES src/libstrongswan/plugins/pkcs11/Makefile" ;;
@@ -28158,8 +28127,6 @@ do
"src/libimcv/plugins/imv_os/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_os/Makefile" ;;
"src/libimcv/plugins/imc_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_attestation/Makefile" ;;
"src/libimcv/plugins/imv_attestation/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_attestation/Makefile" ;;
- "src/libimcv/plugins/imc_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swid/Makefile" ;;
- "src/libimcv/plugins/imv_swid/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swid/Makefile" ;;
"src/libimcv/plugins/imc_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_swima/Makefile" ;;
"src/libimcv/plugins/imv_swima/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imv_swima/Makefile" ;;
"src/libimcv/plugins/imc_hcd/Makefile") CONFIG_FILES="$CONFIG_FILES src/libimcv/plugins/imc_hcd/Makefile" ;;
@@ -28262,8 +28229,6 @@ do
"src/pki/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/Makefile" ;;
"src/pki/man/Makefile") CONFIG_FILES="$CONFIG_FILES src/pki/man/Makefile" ;;
"src/pool/Makefile") CONFIG_FILES="$CONFIG_FILES src/pool/Makefile" ;;
- "src/dumm/Makefile") CONFIG_FILES="$CONFIG_FILES src/dumm/Makefile" ;;
- "src/dumm/ext/extconf.rb") CONFIG_FILES="$CONFIG_FILES src/dumm/ext/extconf.rb" ;;
"src/libfast/Makefile") CONFIG_FILES="$CONFIG_FILES src/libfast/Makefile" ;;
"src/manager/Makefile") CONFIG_FILES="$CONFIG_FILES src/manager/Makefile" ;;
"src/medsrv/Makefile") CONFIG_FILES="$CONFIG_FILES src/medsrv/Makefile" ;;
diff --git a/configure.ac b/configure.ac
index 807f06440..0a09fe5fe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,7 +19,7 @@
# initialize & set some vars
# ============================
-AC_INIT([strongSwan],[5.6.3])
+AC_INIT([strongSwan],[5.7.0])
AM_INIT_AUTOMAKE(m4_esyscmd([
echo tar-ustar
echo subdir-objects
@@ -126,6 +126,7 @@ ARG_DISBL_SET([aes], [disable AES software implementation plugin.])
ARG_ENABL_SET([af-alg], [enable AF_ALG crypto interface to Linux Crypto API.])
ARG_ENABL_SET([bliss], [enable BLISS software implementation plugin.])
ARG_ENABL_SET([blowfish], [enable Blowfish software implementation plugin.])
+ARG_ENABL_SET([botan], [enables the Botan crypto plugin.])
ARG_ENABL_SET([ccm], [enables the CCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([chapoly], [enables the ChaCha20/Poly1305 AEAD plugin.])
ARG_DISBL_SET([cmac], [disable CMAC crypto implementation plugin.])
@@ -245,8 +246,6 @@ ARG_ENABL_SET([imc-os], [enable IMC operating system module.])
ARG_ENABL_SET([imv-os], [enable IMV operating system module.])
ARG_ENABL_SET([imc-attestation],[enable IMC attestation module.])
ARG_ENABL_SET([imv-attestation],[enable IMV attestation module.])
-ARG_ENABL_SET([imc-swid], [enable IMC swid module.])
-ARG_ENABL_SET([imv-swid], [enable IMV swid module.])
ARG_ENABL_SET([imc-swima], [enable IMC swima module.])
ARG_ENABL_SET([imv-swima], [enable IMV swima module.])
ARG_ENABL_SET([imc-hcd], [enable IMC hcd module.])
@@ -282,7 +281,6 @@ ARG_ENABL_SET([aikgen], [enable AIK generator for TPM 1.2.])
ARG_DISBL_SET([charon], [disable the IKEv1/IKEv2 keying daemon charon.])
ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.])
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
-ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.])
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
ARG_ENABL_SET([fuzzing], [enable fuzzing scripts (found in directory fuzz).])
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
@@ -433,7 +431,7 @@ if test x$eap_radius = xtrue -o x$radattr = xtrue -o x$tnc_pdp = xtrue; then
radius=true;
fi
-if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
+if test x$tnc_imc = xtrue -o x$tnc_imv = xtrue -o x$tnccs_11 = xtrue -o x$tnccs_20 = xtrue -o x$tnccs_dynamic = xtrue -o x$eap_tnc = xtrue; then
tnc_tnccs=true;
fi
@@ -441,7 +439,7 @@ if test x$eap_tls = xtrue -o x$eap_ttls = xtrue -o x$eap_peap = xtrue -o x$tnc_t
tls=true;
fi
-if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swid = xtrue -o x$imv_swid = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
+if test x$imc_test = xtrue -o x$imv_test = xtrue -o x$imc_scanner = xtrue -o x$imv_scanner = xtrue -o x$imc_os = xtrue -o x$imv_os = xtrue -o x$imc_attestation = xtrue -o x$imv_attestation = xtrue -o x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imc_hcd = xtrue -o x$imv_hcd = xtrue; then
imcv=true;
fi
@@ -1021,40 +1019,38 @@ if test x$tss_trousers = xtrue; then
fi
if test x$tss_tss2 = xtrue; then
+ PKG_CHECK_MODULES(tss2_sys, [tss2-sys],
+ [tss2_sys=true; AC_DEFINE([TSS2_SYS], [], [use TSS2 v2 System API])],
+ [tss2_sys=false])
+ PKG_CHECK_MODULES(tss2_esys, [tss2-esys],
+ [tss2_esys=true; AC_DEFINE([TSS2_ESYS], [], [use TSS2 v2 Extended System API])],
+ [tss2_esys=false])
PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
[tss2_tabrmd=false])
PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
[tss2_socket=false])
- if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
- AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])
+ if test x$tss2_sys = xtrue; then
+ AC_DEFINE([TSS_TSS2_V2], [], [use TSS 2.0 v2 libraries])
+ AC_SUBST(tss2_CFLAGS, "$tss2_sys_CFLAGS")
+ AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
+ elif test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+ AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
else
- AC_MSG_FAILURE([no TSS2 TCTI library detected])
+ AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
fi
fi
-if test x$imc_swima = xtrue -o $imv_swima = xtrue -o x$imv_swid = xtrue; then
+if test x$imc_swima = xtrue -o $imv_swima = xtrue; then
PKG_CHECK_MODULES(json, [json-c], [],
[PKG_CHECK_MODULES(json, [json])])
AC_SUBST(json_CFLAGS)
AC_SUBST(json_LIBS)
fi
-if test x$dumm = xtrue; then
- PKG_CHECK_MODULES(gtk, [gtk+-2.0 vte])
- AC_SUBST(gtk_CFLAGS)
- AC_SUBST(gtk_LIBS)
- AC_CHECK_PROGS(RUBY, ruby)
- PKG_CHECK_MODULES(ruby, [ruby])
- saved_LIBS=$LIBS
- LIBS=$ruby_LIBS
- AC_CHECK_FUNCS(rb_errinfo)
- LIBS=$saved_LIBS
-fi
-
if test x$fast = xtrue; then
AC_CHECK_LIB([neo_utl],[hdf_init],[LIBS="$LIBS"],[AC_MSG_ERROR([ClearSilver library neo_utl not found!])],[])
AC_MSG_CHECKING([for -lneo_cgi and dependencies])
@@ -1154,6 +1150,12 @@ if test x$gcrypt = xtrue; then
)
fi
+if test x$botan = xtrue; then
+ PKG_CHECK_MODULES(botan, [botan-2])
+ AC_SUBST(botan_CFLAGS)
+ AC_SUBST(botan_LIBS)
+fi
+
if test x$uci = xtrue; then
AC_CHECK_LIB([uci],[uci_alloc_context],[LIBS="$LIBS"],[AC_MSG_ERROR([UCI library libuci not found])],[])
AC_CHECK_HEADER([uci.h],,[AC_MSG_ERROR([UCI header uci.h not found!])])
@@ -1404,6 +1406,7 @@ ADD_PLUGIN([pem], [s charon scepclient pki scripts manager meds
ADD_PLUGIN([padlock], [s charon])
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
+ADD_PLUGIN([botan], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
@@ -1573,6 +1576,7 @@ AM_CONDITIONAL(USE_SQLITE, test x$sqlite = xtrue)
AM_CONDITIONAL(USE_PADLOCK, test x$padlock = xtrue)
AM_CONDITIONAL(USE_OPENSSL, test x$openssl = xtrue)
AM_CONDITIONAL(USE_GCRYPT, test x$gcrypt = xtrue)
+AM_CONDITIONAL(USE_BOTAN, test x$botan = xtrue)
AM_CONDITIONAL(USE_AGENT, test x$agent = xtrue)
AM_CONDITIONAL(USE_KEYCHAIN, test x$keychain = xtrue)
AM_CONDITIONAL(USE_PKCS11, test x$pkcs11 = xtrue)
@@ -1660,8 +1664,6 @@ AM_CONDITIONAL(USE_IMC_OS, test x$imc_os = xtrue)
AM_CONDITIONAL(USE_IMV_OS, test x$imv_os = xtrue)
AM_CONDITIONAL(USE_IMC_ATTESTATION, test x$imc_attestation = xtrue)
AM_CONDITIONAL(USE_IMV_ATTESTATION, test x$imv_attestation = xtrue)
-AM_CONDITIONAL(USE_IMC_SWID, test x$imc_swid = xtrue)
-AM_CONDITIONAL(USE_IMV_SWID, test x$imv_swid = xtrue)
AM_CONDITIONAL(USE_IMC_SWIMA, test x$imc_swima = xtrue)
AM_CONDITIONAL(USE_IMV_SWIMA, test x$imv_swima = xtrue)
AM_CONDITIONAL(USE_IMC_HCD, test x$imc_hcd = xtrue)
@@ -1685,7 +1687,6 @@ AM_CONDITIONAL(USE_COUNTERS, test x$counters = xtrue)
# ---------------
AM_CONDITIONAL(USE_LEAK_DETECTIVE, test x$leak_detective = xtrue)
AM_CONDITIONAL(USE_LOCK_PROFILER, test x$lock_profiler = xtrue)
-AM_CONDITIONAL(USE_DUMM, test x$dumm = xtrue)
AM_CONDITIONAL(USE_FAST, test x$fast = xtrue)
AM_CONDITIONAL(USE_MANAGER, test x$manager = xtrue)
AM_CONDITIONAL(USE_ME, test x$mediation = xtrue)
@@ -1766,7 +1767,7 @@ fi
if test x$fuzzing = xtrue; then
AC_DEFINE([USE_FUZZING], [], [build code for fuzzing])
fi
-if test x$imc_swima = xtrue -o x$imv_swima = xtrue -o x$imv_swid = xtrue ; then
+if test x$imc_swima = xtrue -o x$imv_swima = xtrue; then
AC_DEFINE([USE_JSON], [], [build code for JSON])
fi
@@ -1854,6 +1855,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/padlock/Makefile
src/libstrongswan/plugins/openssl/Makefile
src/libstrongswan/plugins/gcrypt/Makefile
+ src/libstrongswan/plugins/botan/Makefile
src/libstrongswan/plugins/agent/Makefile
src/libstrongswan/plugins/keychain/Makefile
src/libstrongswan/plugins/pkcs11/Makefile
@@ -1893,8 +1895,6 @@ AC_CONFIG_FILES([
src/libimcv/plugins/imv_os/Makefile
src/libimcv/plugins/imc_attestation/Makefile
src/libimcv/plugins/imv_attestation/Makefile
- src/libimcv/plugins/imc_swid/Makefile
- src/libimcv/plugins/imv_swid/Makefile
src/libimcv/plugins/imc_swima/Makefile
src/libimcv/plugins/imv_swima/Makefile
src/libimcv/plugins/imc_hcd/Makefile
@@ -1997,8 +1997,6 @@ AC_CONFIG_FILES([
src/pki/Makefile
src/pki/man/Makefile
src/pool/Makefile
- src/dumm/Makefile
- src/dumm/ext/extconf.rb
src/libfast/Makefile
src/manager/Makefile
src/medsrv/Makefile
diff --git a/fuzz/Makefile.am b/fuzz/Makefile.am
index 3962896f6..df228d38b 100644
--- a/fuzz/Makefile.am
+++ b/fuzz/Makefile.am
@@ -1,5 +1,10 @@
AM_CPPFLAGS = @CPPFLAGS@ \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
+ -I$(top_srcdir)/src/libtnccs \
+ -I$(top_srcdir)/src/libtnccs/plugins/tnccs_20 \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS="\"${fuzz_plugins}\""
@@ -8,7 +13,18 @@ fuzz_ldflags = ${libfuzzer} \
-Wl,-Bstatic -lgmp -Wl,-Bdynamic \
@FUZZING_LDFLAGS@
-FUZZ_TARGETS=fuzz_certs fuzz_crls
+pa_tnc_ldflags = \
+ $(top_builddir)/src/libimcv/.libs/libimcv.a \
+ $(top_builddir)/src/libtncif/.libs/libtncif.a \
+ $(top_builddir)/src/libtpmtss/.libs/libtpmtss.a \
+ $(fuzz_ldflags)
+
+pb_tnc_ldflags = \
+ $(top_builddir)/src/libtnccs/.libs/libtnccs.a \
+ $(top_builddir)/src/libtncif/.libs/libtncif.a \
+ $(fuzz_ldflags)
+
+FUZZ_TARGETS=fuzz_certs fuzz_crls fuzz_pa_tnc fuzz_pb_tnc
all-local: $(FUZZ_TARGETS)
@@ -20,6 +36,12 @@ fuzz_certs: fuzz_certs.c ${libfuzzer}
fuzz_crls: fuzz_crls.c ${libfuzzer}
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+fuzz_pa_tnc: fuzz_pa_tnc.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pa_tnc_ldflags)
+
+fuzz_pb_tnc: fuzz_pb_tnc.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pb_tnc_ldflags)
+
noinst_LIBRARIES = libFuzzerLocal.a
libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
@@ -27,7 +49,6 @@ libFuzzerLocal_a_LIBADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
check: all
for f in $(FUZZ_TARGETS); do \
corpus=$${f#fuzz_}; \
- corpus=$${corpus%%_*}; \
./$$f $(FUZZING_CORPORA)/$${corpus}/*; \
crashes=$(FUZZING_CORPORA)/$${corpus}-crash; \
test ! -d $${crashes} || ./$$f $${crashes}/*; \
diff --git a/fuzz/Makefile.in b/fuzz/Makefile.in
index 2a69eef19..693e0a38d 100644
--- a/fuzz/Makefile.in
+++ b/fuzz/Makefile.in
@@ -283,7 +283,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -309,6 +308,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -329,8 +330,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -385,8 +384,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -415,8 +412,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -424,6 +425,11 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = @CPPFLAGS@ \
-I$(top_srcdir)/src/libstrongswan \
+ -I$(top_srcdir)/src/libimcv \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtpmtss \
+ -I$(top_srcdir)/src/libtnccs \
+ -I$(top_srcdir)/src/libtnccs/plugins/tnccs_20 \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS="\"${fuzz_plugins}\""
@@ -432,7 +438,18 @@ fuzz_ldflags = ${libfuzzer} \
-Wl,-Bstatic -lgmp -Wl,-Bdynamic \
@FUZZING_LDFLAGS@
-FUZZ_TARGETS = fuzz_certs fuzz_crls
+pa_tnc_ldflags = \
+ $(top_builddir)/src/libimcv/.libs/libimcv.a \
+ $(top_builddir)/src/libtncif/.libs/libtncif.a \
+ $(top_builddir)/src/libtpmtss/.libs/libtpmtss.a \
+ $(fuzz_ldflags)
+
+pb_tnc_ldflags = \
+ $(top_builddir)/src/libtnccs/.libs/libtnccs.a \
+ $(top_builddir)/src/libtncif/.libs/libtncif.a \
+ $(fuzz_ldflags)
+
+FUZZ_TARGETS = fuzz_certs fuzz_crls fuzz_pa_tnc fuzz_pb_tnc
CLEANFILES = $(FUZZ_TARGETS)
noinst_LIBRARIES = libFuzzerLocal.a
libFuzzerLocal_a_SOURCES = libFuzzerLocal.c
@@ -732,10 +749,15 @@ fuzz_certs: fuzz_certs.c ${libfuzzer}
fuzz_crls: fuzz_crls.c ${libfuzzer}
$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+fuzz_pa_tnc: fuzz_pa_tnc.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pa_tnc_ldflags)
+
+fuzz_pb_tnc: fuzz_pb_tnc.c ${libfuzzer}
+ $(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(pb_tnc_ldflags)
+
check: all
for f in $(FUZZ_TARGETS); do \
corpus=$${f#fuzz_}; \
- corpus=$${corpus%%_*}; \
./$$f $(FUZZING_CORPORA)/$${corpus}/*; \
crashes=$(FUZZING_CORPORA)/$${corpus}-crash; \
test ! -d $${crashes} || ./$$f $${crashes}/*; \
diff --git a/init/Makefile.in b/init/Makefile.in
index 2db9855d3..53b74211e 100644
--- a/init/Makefile.in
+++ b/init/Makefile.in
@@ -289,7 +289,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -315,6 +314,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -335,8 +336,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -391,8 +390,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -421,8 +418,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/init/systemd-swanctl/Makefile.in b/init/systemd-swanctl/Makefile.in
index a1af33e03..4318a84fe 100644
--- a/init/systemd-swanctl/Makefile.in
+++ b/init/systemd-swanctl/Makefile.in
@@ -257,7 +257,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -283,6 +282,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -303,8 +304,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -359,8 +358,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -389,8 +386,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/init/systemd-swanctl/strongswan-swanctl.service.in b/init/systemd-swanctl/strongswan-swanctl.service.in
index e53c0c6ad..db8266a63 100644
--- a/init/systemd-swanctl/strongswan-swanctl.service.in
+++ b/init/systemd-swanctl/strongswan-swanctl.service.in
@@ -7,6 +7,7 @@ Type=notify
ExecStart=@SBINDIR@/charon-systemd
ExecStartPost=@SBINDIR@/swanctl --load-all --noprompt
ExecReload=@SBINDIR@/swanctl --reload
+ExecReload=@SBINDIR@/swanctl --load-all --noprompt
Restart=on-abnormal
[Install]
diff --git a/init/systemd/Makefile.in b/init/systemd/Makefile.in
index f79f43a13..122d290fd 100644
--- a/init/systemd/Makefile.in
+++ b/init/systemd/Makefile.in
@@ -257,7 +257,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -283,6 +282,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -303,8 +304,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -359,8 +358,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -389,8 +386,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/init/systemd/strongswan.service.in b/init/systemd/strongswan.service.in
index 8060d1ea2..474284a19 100644
--- a/init/systemd/strongswan.service.in
+++ b/init/systemd/strongswan.service.in
@@ -1,10 +1,9 @@
[Unit]
Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
-After=network-online.target
+After=syslog.target network-online.target
[Service]
ExecStart=@SBINDIR@/@IPSEC_SCRIPT@ start --nofork
-ExecReload=@SBINDIR@/@IPSEC_SCRIPT@ reload
StandardOutput=syslog
Restart=on-abnormal
diff --git a/man/Makefile.in b/man/Makefile.in
index 9b793627d..3d0409f0c 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -263,7 +263,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -289,6 +288,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -309,8 +310,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -365,8 +364,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -395,8 +392,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/scripts/Makefile.in b/scripts/Makefile.in
index b13d3c5c6..a27f89f5c 100644
--- a/scripts/Makefile.in
+++ b/scripts/Makefile.in
@@ -371,7 +371,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -397,6 +396,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -417,8 +418,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -473,8 +472,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -503,8 +500,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/scripts/settings-test.c b/scripts/settings-test.c
index 2169552ac..04637d0a9 100644
--- a/scripts/settings-test.c
+++ b/scripts/settings-test.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -29,21 +29,32 @@
bool settings_parser_parse_file(void *this, char *name);
/**
- * Recursively print the section and all subsections/settings
+ * Produce indentation for the given level
*/
-static void print_section(section_t *section, int level)
+static void get_indent(char indent[BUF_LEN], int level)
{
- section_t *sub;
- kv_t *kv;
int i;
- char indent[256];
- for (i = 0; i < level * 2 && i < sizeof(indent) - 2; i += 2)
+ for (i = 0; i < level * 2 && i < BUF_LEN - 2; i += 2)
{
indent[i ] = ' ';
indent[i+1] = ' ';
}
indent[i] = '\0';
+}
+
+/**
+ * Recursively print the section and all subsections/settings
+ */
+static void print_section(section_t *section, int level)
+{
+ section_t *sub;
+ section_ref_t *ref;
+ kv_t *kv;
+ char indent[BUF_LEN];
+ int i, j;
+
+ get_indent(indent, level);
for (i = 0; i < array_count(section->kv_order); i++)
{
@@ -53,12 +64,52 @@ static void print_section(section_t *section, int level)
for (i = 0; i < array_count(section->sections_order); i++)
{
array_get(section->sections_order, i, &sub);
- printf("%s%s {\n", indent, sub->name);
+ printf("%s%s", indent, sub->name);
+ if (array_count(sub->references))
+ {
+ for (j = 0; j < array_count(sub->references); j++)
+ {
+ array_get(sub->references, j, &ref);
+ printf("%s%s", j == 0 ? " : " : ", ", ref->name);
+ }
+ }
+ printf(" {\n");
print_section(sub, level + 1);
printf("%s}\n", indent);
}
}
+/**
+ * Recursively print a given section and all subsections/settings
+ */
+static void print_settings_section(settings_t *settings, char *section,
+ int level)
+{
+ enumerator_t *enumerator;
+ char indent[BUF_LEN], buf[BUF_LEN], *key, *value;
+
+ get_indent(indent, level);
+
+ enumerator = settings->create_key_value_enumerator(settings, section);
+ while (enumerator->enumerate(enumerator, &key, &value))
+ {
+ printf("%s%s = %s\n", indent, key, value);
+
+ }
+ enumerator->destroy(enumerator);
+
+ enumerator = settings->create_section_enumerator(settings, section);
+ while (enumerator->enumerate(enumerator, &key))
+ {
+ printf("%s%s {\n", indent, key);
+ snprintf(buf, sizeof(buf), "%s%s%s", section,
+ strlen(section) ? "." : "", key);
+ print_settings_section(settings, buf, level + 1);
+ printf("%s}\n", indent);
+ }
+ enumerator->destroy(enumerator);
+}
+
static void usage(FILE *out, char *name)
{
fprintf(out, "Test strongswan.conf parser\n\n");
@@ -66,6 +117,7 @@ static void usage(FILE *out, char *name)
fprintf(out, "Options:\n");
fprintf(out, " -h, --help print this help.\n");
fprintf(out, " -d, --debug enables debugging of the parser.\n");
+ fprintf(out, " -r, --resolve displays the settings with references/redefines resolved.\n");
fprintf(out, " -f, --file=FILE config file to load (default STDIN).\n");
fprintf(out, "\n");
}
@@ -73,12 +125,7 @@ static void usage(FILE *out, char *name)
int main(int argc, char *argv[])
{
char *file = NULL;
-
- /* don't load strongswan.conf */
- library_init("", "settings-test");
- atexit(library_deinit);
-
- dbg_default_set_level(3);
+ bool resolve = FALSE;
while (true)
{
@@ -86,9 +133,10 @@ int main(int argc, char *argv[])
{"help", no_argument, NULL, 'h' },
{"debug", no_argument, NULL, 'd' },
{"file", required_argument, NULL, 'f' },
+ {"resolve", no_argument, NULL, 'r' },
{0,0,0,0 },
};
- switch (getopt_long(argc, argv, "hdf:", long_opts, NULL))
+ switch (getopt_long(argc, argv, "hdf:r", long_opts, NULL))
{
case EOF:
break;
@@ -101,6 +149,9 @@ int main(int argc, char *argv[])
case 'f':
file = optarg;
continue;
+ case 'r':
+ resolve = TRUE;
+ continue;
default:
usage(stderr, argv[0]);
return 1;
@@ -108,15 +159,32 @@ int main(int argc, char *argv[])
break;
}
+ /* don't load strongswan.conf */
+ library_init("", "settings-test");
+ atexit(library_deinit);
+
+ dbg_default_set_level(3);
+
if (file)
{
- section_t *root = settings_section_create(strdup("root"));
+ if (resolve)
+ {
+ settings_t *settings = settings_create(file);
+
+ print_settings_section(settings, "", 0);
+
+ settings->destroy(settings);
+ }
+ else
+ {
+ section_t *root = settings_section_create(strdup("root"));
- settings_parser_parse_file(root, file);
+ settings_parser_parse_file(root, file);
- print_section(root, 0);
+ print_section(root, 0);
- settings_section_destroy(root, NULL);
+ settings_section_destroy(root, NULL);
+ }
}
else
{
diff --git a/scripts/thread_analysis.c b/scripts/thread_analysis.c
index 2861431ef..6e4058eee 100644
--- a/scripts/thread_analysis.c
+++ b/scripts/thread_analysis.c
@@ -260,8 +260,6 @@ int main(int argc, char *argv[])
printf(" <p>\n");
printf(" <hr/>\n");
printf(" <em>&copy; 2008\n");
- printf(" <a href=\"http://ita.hsr.ch?&L=1\" target=\"popup\">\n");
- printf(" ITA Institute for Internet Technologies and Applications</a> -\n");
printf(" <a href=\"http://www.hsr.ch/?&L=1\" target=\"popup\">\n");
printf(" HSR Hochschule f&uuml;r Technik Rapperswil</a>\n");
printf(" </em>\n");
diff --git a/src/Makefile.am b/src/Makefile.am
index e2747c300..6eacbe293 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -88,10 +88,6 @@ if USE_CONFTEST
SUBDIRS += conftest
endif
-if USE_DUMM
- SUBDIRS += dumm
-endif
-
if USE_FAST
SUBDIRS += libfast
endif
diff --git a/src/Makefile.in b/src/Makefile.in
index 9aa3cb166..24c8414d8 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -109,21 +109,20 @@ host_triplet = @host@
@USE_PKI_TRUE@am__append_20 = pki
@USE_SWANCTL_TRUE@am__append_21 = swanctl
@USE_CONFTEST_TRUE@am__append_22 = conftest
-@USE_DUMM_TRUE@am__append_23 = dumm
-@USE_FAST_TRUE@am__append_24 = libfast
-@USE_MANAGER_TRUE@am__append_25 = manager
-@USE_MEDSRV_TRUE@am__append_26 = medsrv
-@USE_ATTR_SQL_TRUE@am__append_27 = pool
-@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_28 = pool
-@USE_TKM_TRUE@am__append_29 = charon-tkm
-@USE_CMD_TRUE@am__append_30 = charon-cmd
-@USE_SVC_TRUE@am__append_31 = charon-svc
-@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client
-@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector
-@USE_IMV_SWIMA_TRUE@am__append_34 = sec-updater
-@USE_INTEGRITY_TEST_TRUE@am__append_35 = checksum
-@USE_AIKGEN_TRUE@am__append_36 = aikgen
-@USE_TPM_TRUE@am__append_37 = tpm_extendpcr
+@USE_FAST_TRUE@am__append_23 = libfast
+@USE_MANAGER_TRUE@am__append_24 = manager
+@USE_MEDSRV_TRUE@am__append_25 = medsrv
+@USE_ATTR_SQL_TRUE@am__append_26 = pool
+@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_27 = pool
+@USE_TKM_TRUE@am__append_28 = charon-tkm
+@USE_CMD_TRUE@am__append_29 = charon-cmd
+@USE_SVC_TRUE@am__append_30 = charon-svc
+@USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client
+@USE_IMC_SWIMA_TRUE@am__append_32 = sw-collector
+@USE_IMV_SWIMA_TRUE@am__append_33 = sec-updater
+@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum
+@USE_AIKGEN_TRUE@am__append_35 = aikgen
+@USE_TPM_TRUE@am__append_36 = tpm_extendpcr
subdir = src
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -200,7 +199,7 @@ CTAGS = ctags
DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \
libradius libtncif libtnccs libpttls libtpmtss libimcv \
libcharon starter ipsec _copyright charon charon-systemd \
- charon-nm stroke _updown scepclient pki swanctl conftest dumm \
+ charon-nm stroke _updown scepclient pki swanctl conftest \
libfast manager medsrv pool charon-tkm charon-cmd charon-svc \
pt-tls-client sw-collector sec-updater checksum aikgen \
tpm_extendpcr
@@ -330,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -356,6 +354,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -376,8 +376,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -432,8 +430,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -462,8 +458,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -480,8 +480,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \
$(am__append_25) $(am__append_26) $(am__append_27) \
$(am__append_28) $(am__append_29) $(am__append_30) \
$(am__append_31) $(am__append_32) $(am__append_33) \
- $(am__append_34) $(am__append_35) $(am__append_36) \
- $(am__append_37)
+ $(am__append_34) $(am__append_35) $(am__append_36)
all: all-recursive
.SUFFIXES:
diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in
index af7a95df3..29a6f756c 100644
--- a/src/_copyright/Makefile.in
+++ b/src/_copyright/Makefile.in
@@ -279,7 +279,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -305,6 +304,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -325,8 +326,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -381,8 +380,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -411,8 +408,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in
index 86aca5ff9..a4979b679 100644
--- a/src/_updown/Makefile.in
+++ b/src/_updown/Makefile.in
@@ -257,7 +257,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -283,6 +282,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -303,8 +304,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -359,8 +358,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -389,8 +386,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in
index 7986a1d09..1ef4d4f94 100644
--- a/src/aikgen/Makefile.in
+++ b/src/aikgen/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in
index b9fe0b7f6..20984c4ad 100644
--- a/src/charon-cmd/Makefile.in
+++ b/src/charon-cmd/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in
index 3cff97e7c..f5258ccf7 100644
--- a/src/charon-nm/Makefile.in
+++ b/src/charon-nm/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c
index a12f008a7..fb9044d29 100644
--- a/src/charon-nm/nm/nm_service.c
+++ b/src/charon-nm/nm/nm_service.c
@@ -698,7 +698,7 @@ static gboolean need_secrets(NMVpnServicePlugin *plugin, NMConnection *connectio
/* try to load/decrypt the private key */
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
- KEY_RSA, BUILD_FROM_FILE, path, BUILD_END);
+ KEY_ANY, BUILD_FROM_FILE, path, BUILD_END);
if (key)
{
key->destroy(key);
diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in
index 8da578457..27a006b8a 100644
--- a/src/charon-svc/Makefile.in
+++ b/src/charon-svc/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in
index f28204b33..35ae48d3a 100644
--- a/src/charon-systemd/Makefile.in
+++ b/src/charon-systemd/Makefile.in
@@ -284,7 +284,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -310,6 +309,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -330,8 +331,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -386,8 +385,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -416,8 +413,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index 5a1970b92..d06c26974 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2012 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2014 Martin Willi
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
@@ -79,9 +79,9 @@ typedef struct journal_logger_t journal_logger_t;
struct journal_logger_t {
/**
- * Implements logger_t
+ * Public interface
*/
- logger_t logger;
+ custom_logger_t public;
/**
* Configured loglevels
@@ -171,66 +171,37 @@ METHOD(logger_t, get_level, level_t,
return level;
}
-/**
- * Reload journal logger configuration
- */
-CALLBACK(journal_reload, bool,
- journal_logger_t **journal)
+METHOD(custom_logger_t, set_level, void,
+ journal_logger_t *this, debug_t group, level_t level)
{
- journal_logger_t *this = *journal;
- debug_t group;
- level_t def;
-
- def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns);
-
this->lock->write_lock(this->lock);
- for (group = 0; group < DBG_MAX; group++)
- {
- this->levels[group] =
- lib->settings->get_int(lib->settings,
- "%s.journal.%N", def, lib->ns, debug_lower_names, group);
- }
+ this->levels[group] = level;
this->lock->unlock(this->lock);
+}
- charon->bus->add_logger(charon->bus, &this->logger);
-
- return TRUE;
+METHOD(custom_logger_t, logger_destroy, void,
+ journal_logger_t *this)
+{
+ this->lock->destroy(this->lock);
+ free(this);
}
-/**
- * Initialize/deinitialize journal logger
- */
-static bool journal_register(void *plugin, plugin_feature_t *feature,
- bool reg, journal_logger_t **logger)
+static custom_logger_t *journal_logger_create(const char *name)
{
journal_logger_t *this;
- if (reg)
- {
- INIT(this,
+ INIT(this,
+ .public = {
.logger = {
.vlog = _vlog,
.get_level = _get_level,
},
- .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
- );
-
- journal_reload(&this);
-
- *logger = this;
- return TRUE;
- }
- else
- {
- this = *logger;
-
- charon->bus->remove_logger(charon->bus, &this->logger);
-
- this->lock->destroy(this->lock);
- free(this);
-
- return TRUE;
- }
+ .set_level = _set_level,
+ .destroy = _logger_destroy,
+ },
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+ return &this->public;
}
/**
@@ -328,19 +299,6 @@ static void segv_handler(int signal)
}
/**
- * The journal logger instance
- */
-static journal_logger_t *journal;
-
-/**
- * Journal static features
- */
-static plugin_feature_t features[] = {
- PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal),
- PLUGIN_PROVIDE(CUSTOM, "systemd-journal"),
-};
-
-/**
* Add namespace alias
*/
static void __attribute__ ((constructor))register_namespace()
@@ -350,6 +308,14 @@ static void __attribute__ ((constructor))register_namespace()
}
/**
+ * Register journal logger
+ */
+static void __attribute__ ((constructor))register_logger()
+{
+ register_custom_logger("journal", journal_logger_create);
+}
+
+/**
* Main function, starts the daemon.
*/
int main(int argc, char *argv[])
@@ -390,10 +356,15 @@ int main(int argc, char *argv[])
sd_notifyf(0, "STATUS=unknown uid/gid");
return SS_RC_INITIALIZATION_FAILED;
}
- charon->load_loggers(charon);
+ /* we registered the journal logger as custom logger, which gets its
+ * settings from <ns>.customlog.journal, let it fallback to <ns>.journal */
+ lib->settings->add_fallback(lib->settings, "%s.customlog.journal",
+ "%s.journal", lib->ns);
+ /* load the journal logger by default */
+ lib->settings->set_default_str(lib->settings, "%s.journal.default", "1",
+ lib->ns);
- lib->plugins->add_static_features(lib->plugins, lib->ns, features,
- countof(features), TRUE, journal_reload, &journal);
+ charon->load_loggers(charon);
if (!charon->initialize(charon,
lib->settings->get_str(lib->settings, "%s.load", PLUGINS, lib->ns)))
diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in
index c2762f031..bb6bde8d9 100644
--- a/src/charon-tkm/Makefile.in
+++ b/src/charon-tkm/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c
index 71ad821dd..1107c2219 100644
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@@ -385,8 +385,8 @@ METHOD(keymat_t, get_aead, aead_t*,
METHOD(keymat_v2_t, get_auth_octets, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets,
- array_t *schemes)
+ chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *octets, array_t *schemes)
{
sign_info_t *sign;
@@ -428,7 +428,8 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t,
METHOD(keymat_v2_t, get_psk_sig, bool,
private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
+ chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *sig)
{
return FALSE;
}
@@ -522,6 +523,7 @@ tkm_keymat_t *tkm_keymat_create(bool initiator)
.destroy = _destroy,
},
.derive_ike_keys = _derive_ike_keys,
+ .derive_ike_keys_ppk = (void*)return_false,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_auth_octets = _get_auth_octets,
diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in
index 14bde277c..b631742cc 100644
--- a/src/charon/Makefile.in
+++ b/src/charon/Makefile.in
@@ -283,7 +283,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -309,6 +308,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -329,8 +330,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -385,8 +384,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -415,8 +412,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/charon/charon.c b/src/charon/charon.c
index 180486746..19f6c4cf7 100644
--- a/src/charon/charon.c
+++ b/src/charon/charon.c
@@ -231,15 +231,24 @@ static bool check_pidfile()
DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s",
strerror(errno));
}
- /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise,
- * directory permissions should allow pidfile to be accessed
- * by the UID/GID under which the charon daemon will run. */
+ /* Only change owner of the pidfile if we have CAP_CHOWN. Otherwise,
+ * attempt to change group of pidfile to group under which charon
+ * runs after dropping caps. This requires the user that charon
+ * starts as to:
+ * a) Have write access to the socket dir.
+ * b) Belong to the group that charon will run under after dropping
+ * caps. */
if (lib->caps->check(lib->caps, CAP_CHOWN))
{
ignore_result(fchown(fd,
lib->caps->get_uid(lib->caps),
lib->caps->get_gid(lib->caps)));
}
+ else
+ {
+ ignore_result(fchown(fd, -1,
+ lib->caps->get_gid(lib->caps)));
+ }
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
return FALSE;
diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in
index f46302994..a262ba087 100644
--- a/src/checksum/Makefile.in
+++ b/src/checksum/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in
index 1ea430c63..a831eb6ee 100644
--- a/src/conftest/Makefile.in
+++ b/src/conftest/Makefile.in
@@ -297,7 +297,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -323,6 +322,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -343,8 +344,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -399,8 +398,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -429,8 +426,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/conftest/README b/src/conftest/README
index d37539a16..404b2d1e5 100644
--- a/src/conftest/README
+++ b/src/conftest/README
@@ -100,7 +100,7 @@ The IKE_SA configuration uses the following options (as key/value pairs):
scenario
rsa_strength: Connection requires a trustchain with RSA keys of given bits
ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits
- cert_policy: Connection requries a certificate with the given OID policy
+ cert_policy: Connection requires a certificate with the given OID policy
named_pool: Name of an IP pool defined e.g. in a database backend
The following CHILD_SA specific configuration options are supported:
diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c
index 4be6f45db..5a86c5392 100644
--- a/src/conftest/hooks/pretend_auth.c
+++ b/src/conftest/hooks/pretend_auth.c
@@ -237,8 +237,8 @@ static bool build_auth(private_pretend_auth_t *this,
return FALSE;
}
keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
- if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init,
- this->nonce, this->id, this->reserved,
+ if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, this->nonce,
+ chunk_empty, this->id, this->reserved,
&octets, NULL))
{
private->destroy(private);
diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c
index bc20292a1..5676e307b 100644
--- a/src/conftest/hooks/rebuild_auth.c
+++ b/src/conftest/hooks/rebuild_auth.c
@@ -136,8 +136,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa,
return FALSE;
}
keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa);
- if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init,
- this->nonce, id, reserved, &octets, NULL))
+ if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, this->nonce,
+ chunk_empty, id, reserved, &octets, NULL))
{
private->destroy(private);
id->destroy(id);
diff --git a/src/dumm/Makefile.am b/src/dumm/Makefile.am
deleted file mode 100644
index 0d1cfb704..000000000
--- a/src/dumm/Makefile.am
+++ /dev/null
@@ -1,34 +0,0 @@
-EXTRA_DIST = ext/dumm.c ext/README \
- ext/lib/dumm.rb ext/lib/dumm/guest.rb
-
-ipseclib_LTLIBRARIES = libdumm.la
-ipsec_PROGRAMS = dumm irdumm
-
-libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \
- bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c
-dumm_SOURCES = main.c
-irdumm_SOURCES = irdumm.c
-
-libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-AM_CPPFLAGS = \
- -D_FILE_OFFSET_BITS=64 \
- -I$(top_srcdir)/src/libstrongswan
-
-dumm_CFLAGS = ${gtk_CFLAGS}
-irdumm_CFLAGS = ${ruby_CFLAGS}
-
-all-local: ext
-
-clean-local:
- (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true)
-
-install-data-local:
- (test -f ext/Makefile && cd ext && $(MAKE) install)
-
-ext: libdumm.la
- (cd ext && $(RUBY) extconf.rb && $(MAKE))
-
-.PHONY: ext
diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in
deleted file mode 100644
index 50b0abb64..000000000
--- a/src/dumm/Makefile.in
+++ /dev/null
@@ -1,914 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT)
-subdir = src/dumm
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)"
-LTLIBRARIES = $(ipseclib_LTLIBRARIES)
-libdumm_la_DEPENDENCIES = \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_libdumm_la_OBJECTS = dumm.lo guest.lo iface.lo bridge.lo \
- mconsole.lo cowfs.lo
-libdumm_la_OBJECTS = $(am_libdumm_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-PROGRAMS = $(ipsec_PROGRAMS)
-am_dumm_OBJECTS = dumm-main.$(OBJEXT)
-dumm_OBJECTS = $(am_dumm_OBJECTS)
-am__DEPENDENCIES_1 =
-dumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumm_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-am_irdumm_OBJECTS = irdumm-irdumm.$(OBJEXT)
-irdumm_OBJECTS = $(am_irdumm_OBJECTS)
-irdumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(irdumm_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES)
-DIST_SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libfuzzer = @libfuzzer@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-p_plugins = @p_plugins@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-tss2_CFLAGS = @tss2_CFLAGS@
-tss2_LIBS = @tss2_LIBS@
-tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
-tss2_socket_LIBS = @tss2_socket_LIBS@
-tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
-tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-EXTRA_DIST = ext/dumm.c ext/README \
- ext/lib/dumm.rb ext/lib/dumm/guest.rb
-
-ipseclib_LTLIBRARIES = libdumm.la
-libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \
- bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c
-
-dumm_SOURCES = main.c
-irdumm_SOURCES = irdumm.c
-libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la
-dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la
-AM_CPPFLAGS = \
- -D_FILE_OFFSET_BITS=64 \
- -I$(top_srcdir)/src/libstrongswan
-
-dumm_CFLAGS = ${gtk_CFLAGS}
-irdumm_CFLAGS = ${ruby_CFLAGS}
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/dumm/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \
- }
-
-uninstall-ipseclibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \
- done
-
-clean-ipseclibLTLIBRARIES:
- -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES)
- @list='$(ipseclib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-libdumm.la: $(libdumm_la_OBJECTS) $(libdumm_la_DEPENDENCIES) $(EXTRA_libdumm_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libdumm_la_OBJECTS) $(libdumm_la_LIBADD) $(LIBS)
-install-ipsecPROGRAMS: $(ipsec_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-ipsecPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files
-
-clean-ipsecPROGRAMS:
- @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) $(EXTRA_dumm_DEPENDENCIES)
- @rm -f dumm$(EXEEXT)
- $(AM_V_CCLD)$(dumm_LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS)
-
-irdumm$(EXEEXT): $(irdumm_OBJECTS) $(irdumm_DEPENDENCIES) $(EXTRA_irdumm_DEPENDENCIES)
- @rm -f irdumm$(EXEEXT)
- $(AM_V_CCLD)$(irdumm_LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bridge.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cowfs.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm-main.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/guest.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm-irdumm.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mconsole.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-dumm-main.o: main.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.o -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
-
-dumm-main.obj: main.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.obj -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
-
-irdumm-irdumm.o: irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.o -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.o' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c
-
-irdumm-irdumm.obj: irdumm.c
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.obj -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.obj' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi`
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local
-installdirs:
- for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool clean-local mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-data-local install-ipsecPROGRAMS \
- install-ipseclibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-am clean \
- clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \
- clean-libtool clean-local cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-data-local install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-ipsecPROGRAMS \
- install-ipseclibLTLIBRARIES install-man install-pdf \
- install-pdf-am install-ps install-ps-am install-strip \
- installcheck installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \
- uninstall-ipseclibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-all-local: ext
-
-clean-local:
- (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true)
-
-install-data-local:
- (test -f ext/Makefile && cd ext && $(MAKE) install)
-
-ext: libdumm.la
- (cd ext && $(RUBY) extconf.rb && $(MAKE))
-
-.PHONY: ext
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c
deleted file mode 100644
index 536e27515..000000000
--- a/src/dumm/bridge.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <libbridge.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "bridge.h"
-
-typedef struct private_bridge_t private_bridge_t;
-
-struct private_bridge_t {
- /** public interface */
- bridge_t public;
- /** device name */
- char *name;
- /** list of attached interfaces */
- linked_list_t *ifaces;
-};
-
-/**
- * defined in iface.c
- */
-bool iface_control(char *name, bool up);
-
-METHOD(bridge_t, get_name, char*,
- private_bridge_t *this)
-{
- return this->name;
-}
-
-METHOD(bridge_t, create_iface_enumerator, enumerator_t*,
- private_bridge_t *this)
-{
- return this->ifaces->create_enumerator(this->ifaces);
-}
-
-METHOD(bridge_t, disconnect_iface, bool,
- private_bridge_t *this, iface_t *iface)
-{
- enumerator_t *enumerator;
- iface_t *current = NULL;
- bool good = FALSE;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current == iface)
- {
- if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel"
- " failed: %m", iface->get_hostif(iface), this->name);
- }
- else
- {
- iface->set_bridge(iface, NULL);
- this->ifaces->remove_at(this->ifaces, enumerator);
- good = TRUE;
- }
- break;
- }
- }
- if (iface != current)
- {
- DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'",
- iface->get_hostif(iface), this->name);
- }
- enumerator->destroy(enumerator);
- return good;
-}
-
-METHOD(bridge_t, connect_iface, bool,
- private_bridge_t *this, iface_t *iface)
-{
- if (br_add_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m",
- iface->get_hostif(iface), this->name);
- return FALSE;
- }
- iface->set_bridge(iface, &this->public);
- this->ifaces->insert_last(this->ifaces, iface);
- return TRUE;
-}
-
-/**
- * instance counter to (de-)initialize libbridge
- */
-static int instances = 0;
-
-METHOD(bridge_t, destroy, void,
- private_bridge_t *this)
-{
- enumerator_t *enumerator;
- iface_t *iface;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&iface))
- {
- if (br_del_interface(this->name, iface->get_hostif(iface)) != 0)
- {
- DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m",
- iface->get_hostif(iface));
- }
- iface->set_bridge(iface, NULL);
- }
- enumerator->destroy(enumerator);
- this->ifaces->destroy(this->ifaces);
- iface_control(this->name, FALSE);
- if (br_del_bridge(this->name) != 0)
- {
- DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m",
- this->name);
- }
- free(this->name);
- free(this);
- if (--instances == 0)
- {
- br_shutdown();
- }
-}
-
-/**
- * create the bridge instance
- */
-bridge_t *bridge_create(char *name)
-{
- private_bridge_t *this;
-
- if (instances == 0)
- {
- if (br_init() != 0)
- {
- DBG1(DBG_LIB, "libbridge initialization failed: %m");
- return NULL;
- }
- }
-
- INIT(this,
- .public = {
- .get_name = _get_name,
- .create_iface_enumerator = _create_iface_enumerator,
- .disconnect_iface = _disconnect_iface,
- .connect_iface = _connect_iface,
- .destroy = _destroy,
- }
- );
-
- if (br_add_bridge(name) != 0)
- {
- DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name);
- free(this);
- return NULL;
- }
- if (!iface_control(name, TRUE))
- {
- DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name);
- }
-
- this->name = strdup(name);
- this->ifaces = linked_list_create();
-
- instances++;
- return &this->public;
-}
diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h
deleted file mode 100644
index 5069cfd1b..000000000
--- a/src/dumm/bridge.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef BRIDGE_H
-#define BRIDGE_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-typedef struct bridge_t bridge_t;
-
-#include "iface.h"
-
-/**
- * Interface in a guest, connected to a tap device on the host.
- */
-struct bridge_t {
-
- /**
- * Get the name of the bridge.
- *
- * @return name of the bridge
- */
- char* (*get_name)(bridge_t *this);
-
- /**
- * Add an interface to a bridge.
- *
- * @param iface interface to add
- * @return TRUE if interface added
- */
- bool (*connect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Remove an interface from a bridge.
- *
- * @param iface interface to remove
- * @return TRUE if interface removed
- */
- bool (*disconnect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Create an enumerator over all interfaces.
- *
- * @return enumerator over iface_t's
- */
- enumerator_t* (*create_iface_enumerator)(bridge_t *this);
-
- /**
- * Destroy a bridge
- */
- void (*destroy) (bridge_t *this);
-};
-
-/**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return bridge, NULL if failed
- */
-bridge_t *bridge_create(char *name);
-
-#endif /* BRIDGE_H */
-
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
deleted file mode 100644
index ac581fed1..000000000
--- a/src/dumm/cowfs.c
+++ /dev/null
@@ -1,980 +0,0 @@
-/*
- * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2001-2007 Miklos Szeredi
- *
- * Based on example shipped with FUSE.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-
-#define FUSE_USE_VERSION 26
-#define _GNU_SOURCE
-
-#include <fuse.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <dirent.h>
-#include <errno.h>
-#include <sys/time.h>
-
-#include "cowfs.h"
-
-#include <library.h>
-#include <utils/debug.h>
-#include <threading/thread.h>
-#include <threading/rwlock.h>
-#include <collections/linked_list.h>
-
-/** define _XOPEN_SOURCE 500 fails when using libstrongswan, define popen */
-extern ssize_t pread(int fd, void *buf, size_t count, off_t offset);
-extern ssize_t pwrite(int fd, const void *buf, size_t count, off_t offset);
-
-typedef struct private_cowfs_t private_cowfs_t;
-
-struct private_cowfs_t {
- /** public cowfs interface */
- cowfs_t public;
- /** fuse channel to mountpoint */
- struct fuse_chan *chan;
- /** fuse handle */
- struct fuse *fuse;
- /** mountpoint of cowfs FUSE */
- char *mount;
- /** master filesystem path */
- char *master;
- /** host filesystem path */
- char *host;
- /** overlay filesystems */
- linked_list_t *overlays;
- /** lock for overlays */
- rwlock_t *lock;
- /** fd of read only master filesystem */
- int master_fd;
- /** copy on write overlay to master */
- int host_fd;
- /** thread processing FUSE */
- thread_t *thread;
-};
-
-typedef struct overlay_t overlay_t;
-
-/**
- * data for overlay filesystems
- */
-struct overlay_t {
- /** path to overlay */
- char *path;
- /** overlay fd */
- int fd;
-};
-
-/**
- * destroy an overlay
- */
-static void overlay_destroy(overlay_t *this)
-{
- close(this->fd);
- free(this->path);
- free(this);
-}
-
-CALLBACK(overlay_equals, bool,
- overlay_t *this, va_list args)
-{
- overlay_t *other;
-
- VA_ARGS_VGET(args, other);
- return streq(this->path, other->path);
-}
-
-/**
- * remove and destroy the overlay with the given absolute path.
- * returns FALSE, if not found.
- */
-static bool overlay_remove(private_cowfs_t *this, char *path)
-{
- overlay_t over, *current;
- over.path = path;
- if (!this->overlays->find_first(this->overlays, overlay_equals,
- (void**)&current, &over))
- {
- return FALSE;
- }
- this->overlays->remove(this->overlays, current, NULL);
- overlay_destroy(current);
- return TRUE;
-}
-
-/**
- * get this pointer stored in fuse context
- */
-static private_cowfs_t *get_this()
-{
- return (fuse_get_context())->private_data;
-}
-
-/**
- * make a path relative
- */
-static void rel(const char **path)
-{
- if (**path == '/')
- {
- (*path)++;
- }
- if (**path == '\0')
- {
- *path = ".";
- }
-}
-
-/**
- * get the highest overlay in which path exists
- */
-static int get_rd(const char *path)
-{
- overlay_t *over;
- enumerator_t *enumerator;
- private_cowfs_t *this = get_this();
-
- this->lock->read_lock(this->lock);
- enumerator = this->overlays->create_enumerator(this->overlays);
- while (enumerator->enumerate(enumerator, (void**)&over))
- {
- if (faccessat(over->fd, path, F_OK, 0) == 0)
- {
- int fd = over->fd;
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
- return fd;
- }
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- if (faccessat(this->host_fd, path, F_OK, 0) == 0)
- {
- return this->host_fd;
- }
- return this->master_fd;
-}
-
-/**
- * get the highest overlay available, to write something
- */
-static int get_wr(const char *path)
-{
- overlay_t *over;
- private_cowfs_t *this = get_this();
- int fd = this->host_fd;
- this->lock->read_lock(this->lock);
- if (this->overlays->get_first(this->overlays, (void**)&over) == SUCCESS)
- {
- fd = over->fd;
- }
- this->lock->unlock(this->lock);
- return fd;
-}
-
-/**
- * create full "path" at "wr" the same way they exist at "rd"
- */
-static bool clone_path(int rd, int wr, const char *path)
-{
- char *pos, *full;
- struct stat st;
- full = strdupa(path);
- pos = full;
-
- while ((pos = strchr(pos, '/')))
- {
- *pos = '\0';
- if (fstatat(wr, full, &st, 0) < 0)
- {
- /* TODO: handle symlinks!? */
- if (fstatat(rd, full, &st, 0) < 0)
- {
- return FALSE;
- }
- if (mkdirat(wr, full, st.st_mode) < 0)
- {
- return FALSE;
- }
- }
- *pos = '/';
- pos++;
- }
- return TRUE;
-}
-
-/**
- * copy a (special) file from a readonly to a read-write overlay
- */
-static int copy(const char *path)
-{
- char *buf[4096];
- int len;
- int rd, wr;
- int from, to;
- struct stat st;
-
- rd = get_rd(path);
- wr = get_wr(path);
-
- if (rd == wr)
- {
- /* already writeable */
- return wr;
- }
- if (fstatat(rd, path, &st, 0) < 0)
- {
- return -1;
- }
- if (!clone_path(rd, wr, path))
- {
- return -1;
- }
- if (mknodat(wr, path, st.st_mode, st.st_rdev) < 0)
- {
- return -1;
- }
- /* copy if no special file */
- if (st.st_size)
- {
- from = openat(rd, path, O_RDONLY, st.st_mode);
- if (from < 0)
- {
- return -1;
- }
- to = openat(wr, path, O_WRONLY , st.st_mode);
- if (to < 0)
- {
- close(from);
- return -1;
- }
- while ((len = read(from, buf, sizeof(buf))) > 0)
- {
- if (write(to, buf, len) < len)
- {
- /* TODO: only on len < 0 ? */
- close(from);
- close(to);
- return -1;
- }
- }
- close(from);
- close(to);
- if (len < 0)
- {
- return -1;
- }
- }
- return wr;
-}
-
-/**
- * FUSE getattr method
- */
-static int cowfs_getattr(const char *path, struct stat *stbuf)
-{
- rel(&path);
-
- if (fstatat(get_rd(path), path, stbuf, AT_SYMLINK_NOFOLLOW) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE access method
- */
-static int cowfs_access(const char *path, int mask)
-{
- rel(&path);
-
- if (faccessat(get_rd(path), path, mask, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE readlink method
- */
-static int cowfs_readlink(const char *path, char *buf, size_t size)
-{
- int res;
-
- rel(&path);
-
- res = readlinkat(get_rd(path), path, buf, size - 1);
- if (res < 0)
- {
- return -errno;
- }
- buf[res] = '\0';
- return 0;
-}
-
-/**
- * get a directory stream of two concatenated paths
- */
-static DIR* get_dir(char *dir, const char *subdir)
-{
- char *full;
-
- if (dir == NULL)
- {
- return NULL;
- }
-
- full = alloca(strlen(dir) + strlen(subdir) + 1);
- strcpy(full, dir);
- strcat(full, subdir);
-
- return opendir(full);
-}
-
-/**
- * check if a directory stream contains a directory
- */
-static bool contains_dir(DIR *d, char *dirname)
-{
- struct dirent *ent;
-
- rewinddir(d);
- while ((ent = readdir(d)))
- {
- if (streq(ent->d_name, dirname))
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * check if one of the higher overlays contains a directory
- */
-static bool overlays_contain_dir(DIR **d, char *dirname)
-{
- for (; *d; ++d)
- {
- if (contains_dir(*d, dirname))
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * FUSE readdir method
- */
-static int cowfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler,
- off_t offset, struct fuse_file_info *fi)
-{
-#define ADD_DIR(overlay, base, path) ({\
- DIR *dir = get_dir(base, path);\
- if (dir) { *(--overlay) = dir; }\
-})
- private_cowfs_t *this = get_this();
- int count;
- DIR **d, **overlays;
- struct stat st;
- struct dirent *ent;
- overlay_t *over;
- enumerator_t *enumerator;
-
- memset(&st, 0, sizeof(st));
-
- this->lock->read_lock(this->lock);
- /* create a null-terminated array of DIR objects for all overlays (including
- * the master and host layer). the order is from bottom to top */
- count = this->overlays->get_count(this->overlays) + 2;
- overlays = calloc(count + 1, sizeof(DIR*));
- d = &overlays[count];
-
- enumerator = this->overlays->create_enumerator(this->overlays);
- while (enumerator->enumerate(enumerator, (void**)&over))
- {
- ADD_DIR(d, over->path, path);
- }
- enumerator->destroy(enumerator);
- this->lock->unlock(this->lock);
-
- ADD_DIR(d, this->host, path);
- ADD_DIR(d, this->master, path);
-
- for (; *d; ++d)
- {
- rewinddir(*d);
- while((ent = readdir(*d)))
- {
- if (!overlays_contain_dir(d + 1, ent->d_name))
- {
- st.st_ino = ent->d_ino;
- st.st_mode = ent->d_type << 12;
- filler(buf, ent->d_name, &st, 0);
- }
- }
- closedir(*d);
- }
-
- free(overlays);
- return 0;
-}
-
-/**
- * FUSE mknod method
- */
-static int cowfs_mknod(const char *path, mode_t mode, dev_t rdev)
-{
- int fd;
- rel(&path);
-
- fd = get_wr(path);
- if (!clone_path(get_rd(path), fd, path))
- {
- return -errno;
- }
-
- if (mknodat(fd, path, mode, rdev) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE mkdir method
- */
-static int cowfs_mkdir(const char *path, mode_t mode)
-{
- int fd;
- rel(&path);
-
- fd = get_wr(path);
- if (!clone_path(get_rd(path), fd, path))
- {
- return -errno;
- }
- if (mkdirat(fd, path, mode) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE unlink method
- */
-static int cowfs_unlink(const char *path)
-{
- rel(&path);
-
- /* TODO: whiteout master */
- if (unlinkat(get_wr(path), path, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE rmdir method
- */
-static int cowfs_rmdir(const char *path)
-{
- rel(&path);
-
- /* TODO: whiteout master */
- if (unlinkat(get_wr(path), path, AT_REMOVEDIR) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE symlink method
- */
-static int cowfs_symlink(const char *from, const char *to)
-{
- int fd;
- const char *fromrel = from;
-
- rel(&to);
- rel(&fromrel);
-
- fd = get_wr(to);
- if (!clone_path(get_rd(fromrel), fd, fromrel))
- {
- return -errno;
- }
- if (symlinkat(from, fd, to) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE rename method
- */
-static int cowfs_rename(const char *from, const char *to)
-{
- int fd;
-
- rel(&from);
- rel(&to);
-
- fd = copy(from);
- if (fd < 0)
- {
- return -errno;
- }
- if (renameat(fd, from, get_wr(to), to) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE link method
- */
-static int cowfs_link(const char *from, const char *to)
-{
- int rd, wr;
-
- rel(&from);
- rel(&to);
-
- rd = get_rd(from);
- wr = get_wr(to);
-
- if (!clone_path(rd, wr, to))
- {
- DBG1(DBG_LIB, "cloning path '%s' failed", to);
- return -errno;
- }
- if (linkat(rd, from, wr, to, 0) < 0)
- {
- DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to);
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE chmod method
- */
-static int cowfs_chmod(const char *path, mode_t mode)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_mode == mode)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- if (fchmodat(fd, path, mode, 0) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE chown method
- */
-static int cowfs_chown(const char *path, uid_t uid, gid_t gid)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_uid == uid && st.st_gid == gid)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- if (fchownat(fd, path, uid, gid, AT_SYMLINK_NOFOLLOW) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE truncate method
- */
-static int cowfs_truncate(const char *path, off_t size)
-{
- int fd;
- struct stat st;
-
- rel(&path);
- fd = get_rd(path);
- if (fstatat(fd, path, &st, 0) < 0)
- {
- return -errno;
- }
- if (st.st_size == size)
- {
- return 0;
- }
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- fd = openat(fd, path, O_WRONLY);
- if (fd < 0)
- {
- return -errno;
- }
- if (ftruncate(fd, size) < 0)
- {
- close(fd);
- return -errno;
- }
- close(fd);
- return 0;
-}
-
-/**
- * FUSE utimens method
- */
-static int cowfs_utimens(const char *path, const struct timespec ts[2])
-{
- struct timeval tv[2];
- int fd;
-
- rel(&path);
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
-
- tv[0].tv_sec = ts[0].tv_sec;
- tv[0].tv_usec = ts[0].tv_nsec / 1000;
- tv[1].tv_sec = ts[1].tv_sec;
- tv[1].tv_usec = ts[1].tv_nsec / 1000;
-
- if (futimesat(fd, path, tv) < 0)
- {
- return -errno;
- }
- return 0;
-}
-
-/**
- * FUSE open method
- */
-static int cowfs_open(const char *path, struct fuse_file_info *fi)
-{
- int fd;
-
- rel(&path);
- fd = get_rd(path);
-
- fd = openat(fd, path, fi->flags);
- if (fd < 0)
- {
- return -errno;
- }
- close(fd);
- return 0;
-}
-
-/**
- * FUSE read method
- */
-static int cowfs_read(const char *path, char *buf, size_t size, off_t offset,
- struct fuse_file_info *fi)
-{
- int file, fd, res;
-
- rel(&path);
-
- fd = get_rd(path);
-
- file = openat(fd, path, O_RDONLY);
- if (file < 0)
- {
- return -errno;
- }
-
- res = pread(file, buf, size, offset);
- if (res < 0)
- {
- res = -errno;
- }
- close(file);
- return res;
-}
-
-/**
- * FUSE write method
- */
-static int cowfs_write(const char *path, const char *buf, size_t size,
- off_t offset, struct fuse_file_info *fi)
-{
- int file, fd, res;
-
- rel(&path);
-
- fd = copy(path);
- if (fd < 0)
- {
- return -errno;
- }
- file = openat(fd, path, O_WRONLY);
- if (file < 0)
- {
- return -errno;
- }
- res = pwrite(file, buf, size, offset);
- if (res < 0)
- {
- res = -errno;
- }
- close(file);
- return res;
-}
-
-/**
- * FUSE statfs method
- */
-static int cowfs_statfs(const char *path, struct statvfs *stbuf)
-{
- int fd;
-
- fd = get_rd(path);
- if (fstatvfs(fd, stbuf) < 0)
- {
- return -errno;
- }
-
- return 0;
-}
-
-/**
- * FUSE init method
- */
-static void *cowfs_init(struct fuse_conn_info *conn)
-{
- struct fuse_context *ctx;
-
- ctx = fuse_get_context();
-
- return ctx->private_data;
-}
-
-/**
- * FUSE method vectors
- */
-static struct fuse_operations cowfs_operations = {
- .getattr = cowfs_getattr,
- .access = cowfs_access,
- .readlink = cowfs_readlink,
- .readdir = cowfs_readdir,
- .mknod = cowfs_mknod,
- .mkdir = cowfs_mkdir,
- .symlink = cowfs_symlink,
- .unlink = cowfs_unlink,
- .rmdir = cowfs_rmdir,
- .rename = cowfs_rename,
- .link = cowfs_link,
- .chmod = cowfs_chmod,
- .chown = cowfs_chown,
- .truncate = cowfs_truncate,
- .utimens = cowfs_utimens,
- .open = cowfs_open,
- .read = cowfs_read,
- .write = cowfs_write,
- .statfs = cowfs_statfs,
- .init = cowfs_init,
-};
-
-METHOD(cowfs_t, add_overlay, bool,
- private_cowfs_t *this, char *path)
-{
- overlay_t *over = malloc_thing(overlay_t);
- over->fd = open(path, O_RDONLY | O_DIRECTORY);
- if (over->fd < 0)
- {
- DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path);
- free(over);
- return FALSE;
- }
- over->path = realpath(path, NULL);
- this->lock->write_lock(this->lock);
- overlay_remove(this, over->path);
- this->overlays->insert_first(this->overlays, over);
- this->lock->unlock(this->lock);
- return TRUE;
-}
-
-METHOD(cowfs_t, del_overlay, bool,
- private_cowfs_t *this, char *path)
-{
- bool removed;
- char real[PATH_MAX];
- this->lock->write_lock(this->lock);
- removed = overlay_remove(this, realpath(path, real));
- this->lock->unlock(this->lock);
- return removed;
-}
-
-METHOD(cowfs_t, pop_overlay, bool,
- private_cowfs_t *this)
-{
- overlay_t *over;
- this->lock->write_lock(this->lock);
- if (this->overlays->remove_first(this->overlays, (void**)&over) != SUCCESS)
- {
- this->lock->unlock(this->lock);
- return FALSE;
- }
- this->lock->unlock(this->lock);
- overlay_destroy(over);
- return TRUE;
-}
-
-METHOD(cowfs_t, destroy, void,
- private_cowfs_t *this)
-{
- fuse_exit(this->fuse);
- fuse_unmount(this->mount, this->chan);
- this->thread->join(this->thread);
- fuse_destroy(this->fuse);
- this->lock->destroy(this->lock);
- this->overlays->destroy_function(this->overlays, (void*)overlay_destroy);
- free(this->mount);
- free(this->master);
- free(this->host);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
-}
-
-/**
- * creates a new cowfs fuse instance
- */
-cowfs_t *cowfs_create(char *master, char *host, char *mount)
-{
- struct fuse_args args = {0, NULL, 0};
- private_cowfs_t *this;
-
- INIT(this,
- .public = {
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .destroy = _destroy,
- }
- );
-
- this->master_fd = open(master, O_RDONLY | O_DIRECTORY);
- if (this->master_fd < 0)
- {
- DBG1(DBG_LIB, "failed to open master filesystem '%s'", master);
- free(this);
- return NULL;
- }
- this->host_fd = open(host, O_RDONLY | O_DIRECTORY);
- if (this->host_fd < 0)
- {
- DBG1(DBG_LIB, "failed to open host filesystem '%s'", host);
- close(this->master_fd);
- free(this);
- return NULL;
- }
-
- this->chan = fuse_mount(mount, &args);
- if (this->chan == NULL)
- {
- DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
- return NULL;
- }
-
- this->fuse = fuse_new(this->chan, &args, &cowfs_operations,
- sizeof(cowfs_operations), this);
- if (this->fuse == NULL)
- {
- DBG1(DBG_LIB, "creating cowfs FUSE handle failed");
- close(this->master_fd);
- close(this->host_fd);
- fuse_unmount(mount, this->chan);
- free(this);
- return NULL;
- }
-
- this->mount = strdup(mount);
- this->master = strdup(master);
- this->host = strdup(host);
- this->overlays = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
-
- this->thread = thread_create((thread_main_t)fuse_loop, this->fuse);
- if (!this->thread)
- {
- DBG1(DBG_LIB, "creating thread to handle FUSE failed");
- fuse_unmount(mount, this->chan);
- this->lock->destroy(this->lock);
- this->overlays->destroy(this->overlays);
- free(this->mount);
- free(this->master);
- free(this->host);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
- return NULL;
- }
-
- return &this->public;
-}
-
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
deleted file mode 100644
index 9a596de2e..000000000
--- a/src/dumm/cowfs.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef COWFS_H
-#define COWFS_H
-
-#include <library.h>
-
-typedef struct cowfs_t cowfs_t;
-
-/**
- * cowfs - Copy on write FUSE filesystem.
- *
- */
-struct cowfs_t {
-
- /**
- * Adds an additional copy on write overlay.
- *
- * If the path was already added as overlay, it is moved to the top.
- *
- * @param path path of the overlay
- * @return FALSE, if failed
- */
- bool (*add_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the specified copy on write overlay.
- *
- * @param path path of the overlay
- * @return FALSE, if not found
- */
- bool (*del_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the most recently added copy on write overlay.
- *
- * @return FALSE, if no overlay was found
- */
- bool (*pop_overlay)(cowfs_t *this);
-
- /**
- * Stop, umount and destroy a cowfs FUSE filesystem.
- */
- void (*destroy) (cowfs_t *this);
-};
-
-/**
- * Mount a cowfs FUSE filesystem.
- *
- * @param master read only master file system directory
- * @param host copy on write host directory
- * @param mount mountpoint where union is mounted
- * @return instance, or NULL if FUSE initialization failed
- */
-cowfs_t *cowfs_create(char *master, char *host, char *mount);
-
-#endif /* COWFS_H */
-
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
deleted file mode 100644
index e24671330..000000000
--- a/src/dumm/dumm.c
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <dirent.h>
-#include <errno.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "dumm.h"
-
-#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)
-#define GUEST_DIR "guests"
-#define TEMPLATE_DIR "templates"
-
-typedef struct private_dumm_t private_dumm_t;
-
-struct private_dumm_t {
- /** public dumm interface */
- dumm_t public;
- /** working dir */
- char *dir;
- /** directory of guests */
- char *guest_dir;
- /** directory of loaded template */
- char *template;
- /** list of managed guests */
- linked_list_t *guests;
- /** list of managed bridges */
- linked_list_t *bridges;
-};
-
-METHOD(dumm_t, create_guest, guest_t*,
- private_dumm_t *this, char *name, char *kernel, char *master, char *args)
-{
- guest_t *guest;
-
- guest = guest_create(this->guest_dir, name, kernel, master, args);
- if (guest)
- {
- this->guests->insert_last(this->guests, guest);
- }
- return guest;
-}
-
-METHOD(dumm_t, create_guest_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- return this->guests->create_enumerator(this->guests);
-}
-
-METHOD(dumm_t, delete_guest, void,
- private_dumm_t *this, guest_t *guest)
-{
- if (this->guests->remove(this->guests, guest, NULL))
- {
- char buf[512];
- int len;
-
- len = snprintf(buf, sizeof(buf), "rm -Rf %s/%s",
- this->guest_dir, guest->get_name(guest));
- guest->destroy(guest);
- if (len > 8 && len < 512)
- {
- ignore_result(system(buf));
- }
- }
-}
-
-METHOD(dumm_t, create_bridge, bridge_t*,
- private_dumm_t *this, char *name)
-{
- bridge_t *bridge;
-
- bridge = bridge_create(name);
- if (bridge)
- {
- this->bridges->insert_last(this->bridges, bridge);
- }
- return bridge;
-}
-
-METHOD(dumm_t, create_bridge_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- return this->bridges->create_enumerator(this->bridges);
-}
-
-METHOD(dumm_t, delete_bridge, void,
- private_dumm_t *this, bridge_t *bridge)
-{
- if (this->bridges->remove(this->bridges, bridge, NULL))
- {
- bridge->destroy(bridge);
- }
-}
-
-METHOD(dumm_t, add_overlay, bool,
- private_dumm_t *this, char *dir)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- if (dir == NULL)
- {
- return TRUE;
- }
- if (strlen(dir) > PATH_MAX)
- {
- DBG1(DBG_LIB, "overlay directory string '%s' is too long", dir);
- return FALSE;
- }
- if (access(dir, F_OK) != 0)
- {
- if (!mkdir_p(dir, PERME))
- {
- DBG1(DBG_LIB, "creating overlay directory '%s' failed: %m", dir);
- return FALSE;
- }
- }
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- char guest_dir[PATH_MAX];
- int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir,
- guest->get_name(guest));
- if (len < 0 || len >= sizeof(guest_dir))
- {
- goto error;
- }
- if (access(guest_dir, F_OK) != 0)
- {
- if (!mkdir_p(guest_dir, PERME))
- {
- DBG1(DBG_LIB, "creating overlay directory for guest '%s' failed: %m",
- guest->get_name(guest));
- goto error;
- }
- }
- if (!guest->add_overlay(guest, guest_dir))
- {
- goto error;
- }
- }
- enumerator->destroy(enumerator);
- return TRUE;
-error:
- enumerator->destroy(enumerator);
- this->public.del_overlay(&this->public, dir);
- return FALSE;
-}
-
-METHOD(dumm_t, del_overlay, bool,
- private_dumm_t *this, char *dir)
-{
- bool ret = FALSE;
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- char guest_dir[PATH_MAX];
- int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir,
- guest->get_name(guest));
- if (len < 0 || len >= sizeof(guest_dir))
- {
- continue;
- }
- ret = guest->del_overlay(guest, guest_dir) || ret;
- }
- enumerator->destroy(enumerator);
- return ret;
-}
-
-METHOD(dumm_t, pop_overlay, bool,
- private_dumm_t *this)
-{
- bool ret = FALSE;
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- ret = guest->pop_overlay(guest) || ret;
- }
- enumerator->destroy(enumerator);
- return ret;
-}
-
-/**
- * disable the currently enabled template
- */
-static void clear_template(private_dumm_t *this)
-{
- if (this->template)
- {
- del_overlay(this, this->template);
- free(this->template);
- this->template = NULL;
- }
-}
-
-METHOD(dumm_t, load_template, bool,
- private_dumm_t *this, char *name)
-{
- clear_template(this);
- if (name == NULL)
- {
- return TRUE;
- }
- if (strlen(name) > PATH_MAX)
- {
- DBG1(DBG_LIB, "template name '%s' is too long", name);
- return FALSE;
- }
- if (strchr(name, '/') != NULL)
- {
- DBG1(DBG_LIB, "template name '%s' must not contain '/' characters", name);
- return FALSE;
- }
- if (asprintf(&this->template, "%s/%s", TEMPLATE_DIR, name) < 0)
- {
- this->template = NULL;
- return FALSE;
- }
- if (access(this->template, F_OK) != 0)
- {
- if (!mkdir_p(this->template, PERME))
- {
- DBG1(DBG_LIB, "creating template directory '%s' failed: %m",
- this->template);
- return FALSE;
- }
- }
- return add_overlay(this, this->template);
-}
-
-/**
- * Template directory enumerator
- */
-typedef struct {
- /** implements enumerator_t */
- enumerator_t public;
- /** directory enumerator */
- enumerator_t *inner;
-} template_enumerator_t;
-
-METHOD(enumerator_t, template_enumerate, bool,
- template_enumerator_t *this, va_list args)
-{
- struct stat st;
- char *rel, **template;
-
- VA_ARGS_VGET(args, template);
-
- while (this->inner->enumerate(this->inner, &rel, NULL, &st))
- {
- if (S_ISDIR(st.st_mode) && *rel != '.')
- {
- *template = rel;
- return TRUE;
- }
- }
- return FALSE;
-}
-
-METHOD(enumerator_t, template_enumerator_destroy, void,
- template_enumerator_t *this)
-{
- this->inner->destroy(this->inner);
- free(this);
-}
-
-METHOD(dumm_t, create_template_enumerator, enumerator_t*,
- private_dumm_t *this)
-{
- template_enumerator_t *enumerator;
- INIT(enumerator,
- .public = {
- .enumerate = enumerator_enumerate_default,
- .venumerate = _template_enumerate,
- .destroy = (void*)_template_enumerator_destroy,
- },
- .inner = enumerator_create_directory(TEMPLATE_DIR),
- );
- if (!enumerator->inner)
- {
- free(enumerator);
- return enumerator_create_empty();
- }
- return &enumerator->public;
-}
-
-METHOD(dumm_t, destroy, void,
- private_dumm_t *this)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- this->bridges->destroy_offset(this->bridges, offsetof(bridge_t, destroy));
-
- enumerator = this->guests->create_enumerator(this->guests);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- guest->stop(guest, NULL);
- }
- enumerator->destroy(enumerator);
-
- while (this->guests->remove_last(this->guests, (void**)&guest) == SUCCESS)
- {
- guest->destroy(guest);
- }
- this->guests->destroy(this->guests);
- free(this->guest_dir);
- free(this->template);
- free(this->dir);
- free(this);
-}
-
-/**
- * load all guests in our working dir
- */
-static void load_guests(private_dumm_t *this)
-{
- DIR *dir;
- struct dirent *ent;
- guest_t *guest;
-
- dir = opendir(this->guest_dir);
- if (dir == NULL)
- {
- return;
- }
-
- while ((ent = readdir(dir)))
- {
- if (*ent->d_name == '.')
- { /* skip ".", ".." and hidden files (such as ".svn") */
- continue;
- }
- guest = guest_load(this->guest_dir, ent->d_name);
- if (guest)
- {
- this->guests->insert_last(this->guests, guest);
- }
- else
- {
- DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped",
- ent->d_name);
- }
- }
- closedir(dir);
-}
-
-/**
- * create a dumm instance
- */
-dumm_t *dumm_create(char *dir)
-{
- char cwd[PATH_MAX];
- private_dumm_t *this;
-
- INIT(this,
- .public = {
- .create_guest = _create_guest,
- .create_guest_enumerator = _create_guest_enumerator,
- .delete_guest = _delete_guest,
- .create_bridge = _create_bridge,
- .create_bridge_enumerator = _create_bridge_enumerator,
- .delete_bridge = _delete_bridge,
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .load_template = _load_template,
- .create_template_enumerator = _create_template_enumerator,
- .destroy = _destroy,
- },
- );
-
- if (dir && *dir == '/')
- {
- this->dir = strdup(dir);
- }
- else
- {
- if (getcwd(cwd, sizeof(cwd)) == NULL)
- {
- free(this);
- return NULL;
- }
- if (dir)
- {
- if (asprintf(&this->dir, "%s/%s", cwd, dir) < 0)
- {
- this->dir = NULL;
- }
- }
- else
- {
- this->dir = strdup(cwd);
- }
- }
- if (asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR) < 0)
- {
- this->guest_dir = NULL;
- }
-
- this->guests = linked_list_create();
- this->bridges = linked_list_create();
-
- if (this->dir == NULL || this->guest_dir == NULL ||
- (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST))
- {
- DBG1(DBG_LIB, "creating guest directory '%s' failed: %m",
- this->guest_dir);
- destroy(this);
- return NULL;
- }
-
- load_guests(this);
- return &this->public;
-}
-
diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h
deleted file mode 100644
index 921d2157f..000000000
--- a/src/dumm/dumm.h
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef DUMM_H
-#define DUMM_H
-
-#include <signal.h>
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-#include "guest.h"
-#include "bridge.h"
-
-typedef struct dumm_t dumm_t;
-
-/**
- * dumm - Dynamic Uml Mesh Modeler
- *
- * Controls a group of UML guests and their networks.
- */
-struct dumm_t {
-
- /**
- * Starts a new UML guest
- *
- * @param name name of the guest
- * @param kernel UML kernel to use for guest
- * @param master mounted read only master filesystem
- * @param args additional args to pass to kernel
- * @return guest if started, NULL if failed
- */
- guest_t* (*create_guest) (dumm_t *this, char *name, char *kernel,
- char *master, char *args);
-
- /**
- * Create an enumerator over all guests.
- *
- * @return enumerator over guest_t's
- */
- enumerator_t* (*create_guest_enumerator) (dumm_t *this);
-
- /**
- * Delete a guest from disk.
- *
- * @param guest guest to destroy
- */
- void (*delete_guest) (dumm_t *this, guest_t *guest);
-
- /**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return created bridge
- */
- bridge_t* (*create_bridge)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all bridges.
- *
- * @return enumerator over bridge_t's
- */
- enumerator_t* (*create_bridge_enumerator)(dumm_t *this);
-
- /**
- * Delete a bridge.
- *
- * @param bridge bridge to destroy
- */
- void (*delete_bridge) (dumm_t *this, bridge_t *bridge);
-
- /**
- * Add an overlay to all guests.
- *
- * Directories named after the guests are created, if they do not exist
- * in the given overlay directory.
- *
- * If adding the overlay on at lest one guest fails, FALSE is returned and
- * the overlay is again removed from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, on failure
- */
- bool (*add_overlay)(dumm_t *this, char *dir);
-
- /**
- * Removes an overlay from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, if the overlay was not found on any guest
- */
- bool (*del_overlay)(dumm_t *this, char *dir);
-
- /**
- * Remove the latest overlay from all guests.
- *
- * @return FALSE, if no overlay was found on any guest
- */
- bool (*pop_overlay)(dumm_t *this);
-
- /**
- * Loads a template, create a new one if it does not exist.
- *
- * This is basically a wrapper around add/del_overlay to simplify working
- * with overlays. Templates are located in a predefined directory, so that
- * only a name for the template has to be specified here. Only one template
- * can be loaded at any one time (but other overlays can be added on top or
- * below a template).
- *
- * @param name name of the template to load, NULL to unload
- * @return FALSE if load/create failed
- */
- bool (*load_template)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all available templates.
- *
- * @return enumerator over char*
- */
- enumerator_t* (*create_template_enumerator)(dumm_t *this);
-
- /**
- * stop all guests and destroy the modeler
- */
- void (*destroy) (dumm_t *this);
-};
-
-/**
- * Create a group of UML hosts and networks.
- *
- * @param dir directory to create guests/load from, NULL for cwd
- * @return created UML group, or NULL if failed.
- */
-dumm_t *dumm_create(char *dir);
-
-#endif /* DUMM_H */
-
diff --git a/src/dumm/ext/README b/src/dumm/ext/README
deleted file mode 100644
index 270d9d59d..000000000
--- a/src/dumm/ext/README
+++ /dev/null
@@ -1,8 +0,0 @@
-DUMM Ruby Extension
-===================
-
-Build and Install
-
- $ ruby extconf.rb
- $ make
- # make install
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
deleted file mode 100644
index 7df72eb30..000000000
--- a/src/dumm/ext/dumm.c
+++ /dev/null
@@ -1,797 +0,0 @@
-/*
- * Copyright (C) 2008-2010 Tobias Brunner
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <stdio.h>
-#include <signal.h>
-#include <unistd.h>
-#include <fcntl.h>
-
-#include <library.h>
-#include <dumm.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#undef PACKAGE_NAME
-#undef PACKAGE_TARNAME
-#undef PACKAGE_VERSION
-#undef PACKAGE_STRING
-#undef PACKAGE_BUGREPORT
-#undef PACKAGE_URL
-#undef HAVE_DLADDR
-#undef HAVE_QSORT_R
-/* avoid redefintiion of snprintf etc. */
-#define RUBY_DONT_SUBST
-/* undef our _GNU_SOURCE, as it gets redefined by <ruby.h> */
-#undef _GNU_SOURCE
-#include <ruby.h>
-
-static dumm_t *dumm;
-
-static VALUE rbm_dumm;
-static VALUE rbc_guest;
-static VALUE rbc_bridge;
-static VALUE rbc_iface;
-static VALUE rbc_template;
-
-/**
- * Guest invocation callback
- */
-static pid_t invoke(void *null, guest_t *guest, char *args[], int argc)
-{
- pid_t pid;
-
- pid = fork();
- switch (pid)
- {
- case 0: /* child */
- /* create a new process group in order to prevent signals (e.g.
- * SIGINT) sent to the parent from terminating the child */
- setpgid(0, 0);
- dup2(open("/dev/null", 0), 1);
- dup2(open("/dev/null", 0), 2);
- execvp(args[0], args);
- /* FALL */
- case -1:
- return 0;
- default:
- return pid;
- }
-}
-
-/**
- * SIGCHLD signal handler
- */
-static void sigchld_handler(int signal, siginfo_t *info, void* ptr)
-{
- enumerator_t *enumerator;
- guest_t *guest;
-
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &guest))
- {
- if (guest->get_pid(guest) == info->si_pid)
- {
- guest->sigchild(guest);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-
-/**
- * Global Dumm bindings
- */
-static VALUE dumm_add_overlay(VALUE class, VALUE dir)
-{
- if (!dumm->add_overlay(dumm, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading overlay failed");
- }
- return class;
-}
-
-static VALUE dumm_del_overlay(VALUE class, VALUE dir)
-{
- return dumm->del_overlay(dumm, StringValuePtr(dir)) ? Qtrue : Qfalse;
-}
-
-static VALUE dumm_pop_overlay(VALUE class)
-{
- return dumm->pop_overlay(dumm) ? Qtrue : Qfalse;
-}
-
-static void dumm_init()
-{
- rbm_dumm = rb_define_module("Dumm");
-
- rb_define_module_function(rbm_dumm, "add_overlay", dumm_add_overlay, 1);
- rb_define_module_function(rbm_dumm, "del_overlay", dumm_del_overlay, 1);
- rb_define_module_function(rbm_dumm, "pop_overlay", dumm_pop_overlay, 0);
-}
-
-/**
- * Guest bindings
- */
-static VALUE guest_hash_create(VALUE class)
-{
- enumerator_t *enumerator;
- guest_t *guest;
- VALUE hash = rb_hash_new();
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &guest))
- {
- rb_hash_aset(hash, rb_str_new2(guest->get_name(guest)),
- Data_Wrap_Struct(class, NULL, NULL, guest));
- }
- enumerator->destroy(enumerator);
- return hash;
-}
-
-static VALUE guest_hash(VALUE class)
-{
- ID id = rb_intern("@@guests");
- if (!rb_cvar_defined(class, id))
- {
- VALUE hash = guest_hash_create(class);
-#ifdef RB_CVAR_SET_4_ARGS
- rb_cvar_set(class, id, hash, 0);
-#else
- rb_cvar_set(class, id, hash);
-#endif
- return hash;
- }
- return rb_cvar_get(class, id);
-}
-
-static VALUE guest_find(VALUE class, VALUE key)
-{
- if (TYPE(key) != T_STRING)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- return rb_hash_aref(guest_hash(class), key);
-}
-
-static VALUE guest_get(VALUE class, VALUE key)
-{
- return guest_find(class, key);
-}
-
-static VALUE guest_each(int argc, VALUE *argv, VALUE class)
-{
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- rb_block_call(guest_hash(class), rb_intern("each_value"), 0, 0,
- rb_yield, 0);
- return class;
-}
-
-static VALUE guest_new(VALUE class, VALUE name, VALUE kernel,
- VALUE master, VALUE args)
-{
- VALUE self;
- guest_t *guest;
- guest = dumm->create_guest(dumm, StringValuePtr(name),
- StringValuePtr(kernel), StringValuePtr(master),
- StringValuePtr(args));
- if (!guest)
- {
- rb_raise(rb_eRuntimeError, "creating guest failed");
- }
- self = Data_Wrap_Struct(class, NULL, NULL, guest);
- rb_hash_aset(guest_hash(class), name, self);
- return self;
-}
-
-static VALUE guest_to_s(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return rb_str_new2(guest->get_name(guest));
-}
-
-static VALUE guest_start(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
-
- if (!guest->start(guest, invoke, NULL, NULL))
- {
- rb_raise(rb_eRuntimeError, "starting guest failed");
- }
- return self;
-}
-
-static VALUE guest_stop(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- guest->stop(guest, NULL);
- return self;
-}
-
-static VALUE guest_running(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->get_pid(guest) ? Qtrue : Qfalse;
-}
-
-static void exec_cb(void *data, char *buf)
-{
- rb_yield(rb_str_new2(buf));
-}
-
-static VALUE guest_exec(VALUE self, VALUE cmd)
-{
- guest_t *guest;
- bool block;
- int ret;
-
- block = rb_block_given_p();
- Data_Get_Struct(self, guest_t, guest);
- ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL,
- "exec %s", StringValuePtr(cmd));
- rb_iv_set(self, "@execstatus", INT2NUM(ret));
- return self;
-}
-
-static VALUE guest_mconsole(VALUE self, VALUE cmd)
-{
- guest_t *guest;
- bool block;
- int ret;
-
- block = rb_block_given_p();
- Data_Get_Struct(self, guest_t, guest);
- if ((ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL,
- "%s", StringValuePtr(cmd))) != 0)
- {
- rb_raise(rb_eRuntimeError, "executing command failed (%d)", ret);
- }
- return self;
-}
-
-static VALUE guest_add_iface(VALUE self, VALUE name)
-{
- guest_t *guest;
- iface_t *iface;
-
- Data_Get_Struct(self, guest_t, guest);
- iface = guest->create_iface(guest, StringValuePtr(name));
- if (!iface)
- {
- rb_raise(rb_eRuntimeError, "adding interface failed");
- }
- return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface);
-}
-
-static VALUE guest_find_iface(VALUE self, VALUE key)
-{
- enumerator_t *enumerator;
- iface_t *iface, *found = NULL;
- guest_t *guest;
-
- if (TYPE(key) == T_SYMBOL)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- Data_Get_Struct(self, guest_t, guest);
- enumerator = guest->create_iface_enumerator(guest);
- while (enumerator->enumerate(enumerator, &iface))
- {
- if (streq(iface->get_guestif(iface), StringValuePtr(key)))
- {
- found = iface;
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- return Qnil;
- }
- return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface);
-}
-
-static VALUE guest_get_iface(VALUE self, VALUE key)
-{
- VALUE iface = guest_find_iface(self, key);
- if (NIL_P(iface))
- {
- rb_raise(rb_eRuntimeError, "interface not found");
- }
- return iface;
-}
-
-static VALUE guest_each_iface(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- guest_t *guest;
- iface_t *iface;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- Data_Get_Struct(self, guest_t, guest);
- list = linked_list_create();
- enumerator = guest->create_iface_enumerator(guest);
- while (enumerator->enumerate(enumerator, &iface))
- {
- list->insert_last(list, iface);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&iface) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE guest_delete(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- if (guest->get_pid(guest))
- {
- rb_raise(rb_eRuntimeError, "guest is running");
- }
- dumm->delete_guest(dumm, guest);
- return Qnil;
-}
-
-static VALUE guest_add_overlay(VALUE self, VALUE dir)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- if (!guest->add_overlay(guest, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading overlay failed");
- }
- return self;
-}
-
-static VALUE guest_del_overlay(VALUE self, VALUE dir)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->del_overlay(guest, StringValuePtr(dir)) ? Qtrue : Qfalse;
-}
-
-static VALUE guest_pop_overlay(VALUE self)
-{
- guest_t *guest;
-
- Data_Get_Struct(self, guest_t, guest);
- return guest->pop_overlay(guest) ? Qtrue : Qfalse;
-}
-
-static void guest_init()
-{
- rbc_guest = rb_define_class_under(rbm_dumm , "Guest", rb_cObject);
- rb_include_module(rb_class_of(rbc_guest), rb_mEnumerable);
- rb_include_module(rbc_guest, rb_mEnumerable);
-
- rb_define_singleton_method(rbc_guest, "[]", guest_get, 1);
- rb_define_singleton_method(rbc_guest, "each", guest_each, -1);
- rb_define_singleton_method(rbc_guest, "new", guest_new, 4);
- rb_define_singleton_method(rbc_guest, "include?", guest_find, 1);
- rb_define_singleton_method(rbc_guest, "guest?", guest_find, 1);
-
- rb_define_method(rbc_guest, "to_s", guest_to_s, 0);
- rb_define_method(rbc_guest, "start", guest_start, 0);
- rb_define_method(rbc_guest, "stop", guest_stop, 0);
- rb_define_method(rbc_guest, "running?", guest_running, 0);
- rb_define_method(rbc_guest, "exec", guest_exec, 1);
- rb_define_method(rbc_guest, "mconsole", guest_mconsole, 1);
- rb_define_method(rbc_guest, "add", guest_add_iface, 1);
- rb_define_method(rbc_guest, "[]", guest_get_iface, 1);
- rb_define_method(rbc_guest, "each", guest_each_iface, -1);
- rb_define_method(rbc_guest, "include?", guest_find_iface, 1);
- rb_define_method(rbc_guest, "iface?", guest_find_iface, 1);
- rb_define_method(rbc_guest, "delete", guest_delete, 0);
- rb_define_method(rbc_guest, "add_overlay", guest_add_overlay, 1);
- rb_define_method(rbc_guest, "del_overlay", guest_del_overlay, 1);
- rb_define_method(rbc_guest, "pop_overlay", guest_pop_overlay, 0);
-
- rb_define_attr(rbc_guest, "execstatus", 1, 0);
-}
-
-/**
- * Bridge binding
- */
-static VALUE bridge_find(VALUE class, VALUE key)
-{
- enumerator_t *enumerator;
- bridge_t *bridge, *found = NULL;
-
- if (TYPE(key) == T_SYMBOL)
- {
- key = rb_convert_type(key, T_STRING, "String", "to_s");
- }
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- if (streq(bridge->get_name(bridge), StringValuePtr(key)))
- {
- found = bridge;
- break;
- }
- }
- enumerator->destroy(enumerator);
- if (!found)
- {
- return Qnil;
- }
- return Data_Wrap_Struct(class, NULL, NULL, found);
-}
-
-static VALUE bridge_get(VALUE class, VALUE key)
-{
- VALUE bridge = bridge_find(class, key);
- if (NIL_P(bridge))
- {
- rb_raise(rb_eRuntimeError, "bridge not found");
- }
- return bridge;
-}
-
-static VALUE bridge_each(int argc, VALUE *argv, VALUE class)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- bridge_t *bridge;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- list = linked_list_create();
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- list->insert_last(list, bridge);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&bridge) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(class, NULL, NULL, bridge));
- }
- list->destroy(list);
- return class;
-}
-
-static VALUE bridge_new(VALUE class, VALUE name)
-
-{
- bridge_t *bridge;
-
- bridge = dumm->create_bridge(dumm, StringValuePtr(name));
- if (!bridge)
- {
- rb_raise(rb_eRuntimeError, "creating bridge failed");
- }
- return Data_Wrap_Struct(class, NULL, NULL, bridge);
-}
-
-static VALUE bridge_to_s(VALUE self)
-{
- bridge_t *bridge;
-
- Data_Get_Struct(self, bridge_t, bridge);
- return rb_str_new2(bridge->get_name(bridge));
-}
-
-static VALUE bridge_each_iface(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- bridge_t *bridge;
- iface_t *iface;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- Data_Get_Struct(self, bridge_t, bridge);
- list = linked_list_create();
- enumerator = bridge->create_iface_enumerator(bridge);
- while (enumerator->enumerate(enumerator, &iface))
- {
- list->insert_last(list, iface);
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&iface) == SUCCESS)
- {
- rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE bridge_delete(VALUE self)
-{
- bridge_t *bridge;
-
- Data_Get_Struct(self, bridge_t, bridge);
- dumm->delete_bridge(dumm, bridge);
- return Qnil;
-}
-
-static void bridge_init()
-{
- rbc_bridge = rb_define_class_under(rbm_dumm , "Bridge", rb_cObject);
- rb_include_module(rb_class_of(rbc_bridge), rb_mEnumerable);
- rb_include_module(rbc_bridge, rb_mEnumerable);
-
- rb_define_singleton_method(rbc_bridge, "[]", bridge_get, 1);
- rb_define_singleton_method(rbc_bridge, "each", bridge_each, -1);
- rb_define_singleton_method(rbc_bridge, "new", bridge_new, 1);
- rb_define_singleton_method(rbc_bridge, "include?", bridge_find, 1);
- rb_define_singleton_method(rbc_bridge, "bridge?", bridge_find, 1);
-
- rb_define_method(rbc_bridge, "to_s", bridge_to_s, 0);
- rb_define_method(rbc_bridge, "each", bridge_each_iface, -1);
- rb_define_method(rbc_bridge, "delete", bridge_delete, 0);
-}
-
-/**
- * Iface wrapper
- */
-static VALUE iface_to_s(VALUE self)
-{
- iface_t *iface;
-
- Data_Get_Struct(self, iface_t, iface);
- return rb_str_new2(iface->get_hostif(iface));
-}
-
-static VALUE iface_connect(VALUE self, VALUE vbridge)
-{
- iface_t *iface;
- bridge_t *bridge;
-
- Data_Get_Struct(self, iface_t, iface);
- Data_Get_Struct(vbridge, bridge_t, bridge);
- if (!bridge->connect_iface(bridge, iface))
- {
- rb_raise(rb_eRuntimeError, "connecting iface failed");
- }
- return self;
-}
-
-static VALUE iface_disconnect(VALUE self)
-{
- iface_t *iface;
- bridge_t *bridge;
-
- Data_Get_Struct(self, iface_t, iface);
- bridge = iface->get_bridge(iface);
- if (!bridge || !bridge->disconnect_iface(bridge, iface))
- {
- rb_raise(rb_eRuntimeError, "disconnecting iface failed");
- }
- return self;
-}
-
-static VALUE iface_add_addr(VALUE self, VALUE name)
-{
- iface_t *iface;
- host_t *addr;
- int bits;
-
- addr = host_create_from_subnet(StringValuePtr(name), &bits);
- if (!addr)
- {
- rb_raise(rb_eArgError, "invalid IP address");
- }
- Data_Get_Struct(self, iface_t, iface);
- if (!iface->add_address(iface, addr, bits))
- {
- addr->destroy(addr);
- rb_raise(rb_eRuntimeError, "adding address failed");
- }
- if (rb_block_given_p()) {
- rb_yield(self);
- iface->delete_address(iface, addr, bits);
- }
- addr->destroy(addr);
- return self;
-}
-
-static VALUE iface_each_addr(int argc, VALUE *argv, VALUE self)
-{
- enumerator_t *enumerator;
- linked_list_t *list;
- iface_t *iface;
- host_t *addr;
- char buf[64], *fmt = "%H";
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- list = linked_list_create();
- Data_Get_Struct(self, iface_t, iface);
- enumerator = iface->create_address_enumerator(iface);
- while (enumerator->enumerate(enumerator, &addr))
- {
- list->insert_last(list, addr->clone(addr));
- }
- enumerator->destroy(enumerator);
- while (list->remove_first(list, (void**)&addr) == SUCCESS)
- {
- snprintf(buf, sizeof(buf), fmt, addr);
- addr->destroy(addr);
- rb_yield(rb_str_new2(buf));
- }
- list->destroy(list);
- return self;
-}
-
-static VALUE iface_del_addr(VALUE self, VALUE vaddr)
-{
- iface_t *iface;
- host_t *addr;
- int bits;
-
- addr = host_create_from_subnet(StringValuePtr(vaddr), &bits);
- if (!addr)
- {
- rb_raise(rb_eArgError, "invalid IP address");
- }
- Data_Get_Struct(self, iface_t, iface);
- if (!iface->delete_address(iface, addr, bits))
- {
- addr->destroy(addr);
- rb_raise(rb_eRuntimeError, "address not found");
- }
- if (rb_block_given_p()) {
- rb_yield(self);
- iface->add_address(iface, addr, bits);
- }
- addr->destroy(addr);
- return self;
-}
-
-static VALUE iface_delete(VALUE self)
-{
- guest_t *guest;
- iface_t *iface;
-
- Data_Get_Struct(self, iface_t, iface);
- guest = iface->get_guest(iface);
- guest->destroy_iface(guest, iface);
- return Qnil;
-}
-
-static void iface_init()
-{
- rbc_iface = rb_define_class_under(rbm_dumm , "Iface", rb_cObject);
- rb_include_module(rbc_iface, rb_mEnumerable);
-
- rb_define_method(rbc_iface, "to_s", iface_to_s, 0);
- rb_define_method(rbc_iface, "connect", iface_connect, 1);
- rb_define_method(rbc_iface, "disconnect", iface_disconnect, 0);
- rb_define_method(rbc_iface, "add", iface_add_addr, 1);
- rb_define_method(rbc_iface, "del", iface_del_addr, 1);
- rb_define_method(rbc_iface, "each", iface_each_addr, -1);
- rb_define_method(rbc_iface, "delete", iface_delete, 0);
-}
-
-static VALUE template_load(VALUE class, VALUE dir)
-{
- if (!dumm->load_template(dumm, StringValuePtr(dir)))
- {
- rb_raise(rb_eRuntimeError, "loading template failed");
- }
- return class;
-}
-
-static VALUE template_unload(VALUE class)
-{
- if (!dumm->load_template(dumm, NULL))
- {
- rb_raise(rb_eRuntimeError, "unloading template failed");
- }
- return class;
-}
-
-static VALUE template_each(int argc, VALUE *argv, VALUE class)
-{
- enumerator_t *enumerator;
- char *template;
-
- if (!rb_block_given_p())
- {
- rb_raise(rb_eArgError, "must be called with a block");
- }
- enumerator = dumm->create_template_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &template))
- {
- rb_yield(rb_str_new2(template));
- }
- enumerator->destroy(enumerator);
- return class;
-}
-
-static void template_init()
-{
- rbc_template = rb_define_class_under(rbm_dumm , "Template", rb_cObject);
- rb_include_module(rb_class_of(rbc_template), rb_mEnumerable);
-
- rb_define_singleton_method(rbc_template, "load", template_load, 1);
- rb_define_singleton_method(rbc_template, "unload", template_unload, 0);
- rb_define_singleton_method(rbc_template, "each", template_each, -1);
-}
-
-/**
- * extension finalization
- */
-void Final_dumm()
-{
- struct sigaction action;
-
- dumm->destroy(dumm);
-
- sigemptyset(&action.sa_mask);
- action.sa_handler = SIG_DFL;
- action.sa_flags = 0;
- sigaction(SIGCHLD, &action, NULL);
-
- library_deinit();
-}
-
-/**
- * extension initialization
- */
-void Init_dumm()
-{
- struct sigaction action;
-
- /* there are too many to report, rubyruby... */
- setenv("LEAK_DETECTIVE_DISABLE", "1", 1);
-
- library_init(NULL, "dumm");
-
- dumm = dumm_create(NULL);
-
- dumm_init();
- guest_init();
- bridge_init();
- iface_init();
- template_init();
-
- sigemptyset(&action.sa_mask);
- action.sa_sigaction = sigchld_handler;
- action.sa_flags = SA_SIGINFO;
- sigaction(SIGCHLD, &action, NULL);
-
- rb_set_end_proc(Final_dumm, 0);
-}
diff --git a/src/dumm/ext/extconf.rb.in b/src/dumm/ext/extconf.rb.in
deleted file mode 100644
index 29df65ca7..000000000
--- a/src/dumm/ext/extconf.rb.in
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# DUMM for Ruby
-#
-
-require 'mkmf'
-
-$defs << " @DEFS@"
-$CFLAGS << " -Wno-format -include \"@top_builddir@/config.h\""
-
-dir_config('dumm', '@top_srcdir@/src/dumm', '../.libs')
-dir_config('strongswan', '@top_srcdir@/src/libstrongswan', '../../libstrongswan/.libs')
-
-unless find_library('dumm', 'dumm_create')
- puts "... failed: 'libdumm' not found!"
- exit
-end
-
-create_makefile('dumm', '@top_srcdir@/src/dumm/ext')
-
diff --git a/src/dumm/ext/lib/dumm.rb b/src/dumm/ext/lib/dumm.rb
deleted file mode 100644
index 0dd7ada10..000000000
--- a/src/dumm/ext/lib/dumm.rb
+++ /dev/null
@@ -1,63 +0,0 @@
-=begin
- Copyright (C) 2008-2009 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-require 'dumm.so'
-require 'dumm/guest'
-
-module Dumm
-
- # use guest/bridge indentifiers directly
- def method_missing(id, *args)
- if Guest.guest? id
- return Guest[id]
- end
- if Bridge.bridge? id
- return Bridge[id]
- end
- super(id, *args)
- end
-
- # shortcut for Template loading
- def template(name = nil)
- if name
- Template.load name
- else
- Template.sort.each {|t| puts t }
- end
- return Dumm
- end
-
- # unload template/overlays, reset all guests and delete bridges
- def reset
- Template.unload
- Guest.each { |guest|
- guest.reset
- }
- Bridge.each { |bridge|
- bridge.delete
- }
- return Dumm
- end
-
- # wait until all running guests have booted up
- def boot
- Guest.each {|g|
- g.boot if g.running?
- }
- return Dumm
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/ext/lib/dumm/guest.rb b/src/dumm/ext/lib/dumm/guest.rb
deleted file mode 100644
index 6978edcb3..000000000
--- a/src/dumm/ext/lib/dumm/guest.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-=begin
- Copyright (C) 2008-2010 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-module Dumm
- class Guest
- # accessor for guests
- # e.g. Guest.sun instead of Guest["sun"]
- def self.method_missing(id, *args)
- unless guest? id
- super(id, *args)
- end
- Guest[id]
- end
-
- # accessor for interfaces
- # e.g. guest.eth0 instead of guest["eth0"]
- def method_missing(id, *args)
- unless iface? id
- super(id, *args)
- end
- self[id]
- end
-
- # remove all overlays, delete all interfaces
- def reset
- while pop_overlay; end
- each {|i|
- i.delete
- }
- end
-
- # has the guest booted up?
- def booted?
- exec("pgrep getty")
- execstatus == 0
- end
-
- # wait until the guest has booted
- def boot
- while not booted?
- sleep(1)
- end
- end
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
deleted file mode 100644
index 327b86c63..000000000
--- a/src/dumm/guest.c
+++ /dev/null
@@ -1,682 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-#include <sys/uio.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <dirent.h>
-#include <termios.h>
-#include <stdarg.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "dumm.h"
-#include "guest.h"
-#include "mconsole.h"
-#include "cowfs.h"
-
-#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH)
-#define PERM (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH)
-
-#define MASTER_DIR "master"
-#define DIFF_DIR "diff"
-#define UNION_DIR "union"
-#define ARGS_FILE "args"
-#define PID_FILE "pid"
-#define KERNEL_FILE "linux"
-#define LOG_FILE "boot.log"
-#define NOTIFY_FILE "notify"
-#define PTYS 0
-
-typedef struct private_guest_t private_guest_t;
-
-struct private_guest_t {
- /** implemented public interface */
- guest_t public;
- /** name of the guest */
- char *name;
- /** directory of guest */
- int dir;
- /** directory name of guest */
- char *dirname;
- /** additional args to pass to guest */
- char *args;
- /** pid of guest child process */
- int pid;
- /** state of guest */
- guest_state_t state;
- /** FUSE cowfs instance */
- cowfs_t *cowfs;
- /** mconsole to control running UML */
- mconsole_t *mconsole;
- /** list of interfaces attached to the guest */
- linked_list_t *ifaces;
-};
-
-ENUM(guest_state_names, GUEST_STOPPED, GUEST_STOPPING,
- "STOPPED",
- "STARTING",
- "RUNNING",
- "PAUSED",
- "STOPPING",
-);
-
-METHOD(guest_t, get_name, char*,
- private_guest_t *this)
-{
- return this->name;
-}
-
-METHOD(guest_t, create_iface, iface_t*,
- private_guest_t *this, char *name)
-{
- enumerator_t *enumerator;
- iface_t *iface;
-
- if (this->state != GUEST_RUNNING)
- {
- DBG1(DBG_LIB, "guest '%s' not running, unable to add interface",
- this->name);
- return NULL;
- }
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&iface))
- {
- if (streq(name, iface->get_guestif(iface)))
- {
- DBG1(DBG_LIB, "guest '%s' already has an interface '%s'",
- this->name, name);
- enumerator->destroy(enumerator);
- return NULL;
- }
- }
- enumerator->destroy(enumerator);
-
- iface = iface_create(name, &this->public, this->mconsole);
- if (iface)
- {
- this->ifaces->insert_last(this->ifaces, iface);
- }
- return iface;
-}
-
-METHOD(guest_t, destroy_iface, void,
- private_guest_t *this, iface_t *iface)
-{
- enumerator_t *enumerator;
- iface_t *current;
-
- enumerator = this->ifaces->create_enumerator(this->ifaces);
- while (enumerator->enumerate(enumerator, (void**)&current))
- {
- if (current == iface)
- {
- this->ifaces->remove_at(this->ifaces, enumerator);
- current->destroy(current);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(guest_t, create_iface_enumerator, enumerator_t*,
- private_guest_t *this)
-{
- return this->ifaces->create_enumerator(this->ifaces);
-}
-
-METHOD(guest_t, get_state, guest_state_t,
- private_guest_t *this)
-{
- return this->state;
-}
-
-METHOD(guest_t, get_pid, pid_t,
- private_guest_t *this)
-{
- return this->pid;
-}
-
-/**
- * write format string to a buffer, and advance buffer position
- */
-static char* write_arg(char **pos, size_t *left, char *format, ...)
-{
- size_t len;
- char *res = NULL;
- va_list args;
-
- va_start(args, format);
- len = vsnprintf(*pos, *left, format, args);
- va_end(args);
- if (len < *left)
- {
- res = *pos;
- len++;
- *pos += len + 1;
- *left -= len + 1;
- }
- return res;
-}
-
-METHOD(guest_t, stop, void,
- private_guest_t *this, idle_function_t idle)
-{
- if (this->state != GUEST_STOPPED)
- {
- this->state = GUEST_STOPPING;
- this->ifaces->destroy_offset(this->ifaces, offsetof(iface_t, destroy));
- this->ifaces = linked_list_create();
- kill(this->pid, SIGINT);
- while (this->state != GUEST_STOPPED)
- {
- if (idle)
- {
- idle();
- }
- else
- {
- usleep(50000);
- }
- }
- unlinkat(this->dir, PID_FILE, 0);
- this->pid = 0;
- }
-}
-
-/**
- * save pid in file
- */
-void savepid(private_guest_t *this)
-{
- FILE *file;
-
- file = fdopen(openat(this->dir, PID_FILE, O_RDWR | O_CREAT | O_TRUNC,
- PERM), "w");
- if (file)
- {
- fprintf(file, "%d", this->pid);
- fclose(file);
- }
-}
-
-METHOD(guest_t, start, bool,
- private_guest_t *this, invoke_function_t invoke, void* data,
- idle_function_t idle)
-{
- char buf[2048];
- char *notify;
- char *pos = buf;
- char *args[32];
- int i = 0;
- size_t left = sizeof(buf);
-
- memset(args, 0, sizeof(args));
-
- if (this->state != GUEST_STOPPED)
- {
- DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names,
- this->state);
- return FALSE;
- }
- this->state = GUEST_STARTING;
-
- notify = write_arg(&pos, &left, "%s/%s", this->dirname, NOTIFY_FILE);
-
- args[i++] = write_arg(&pos, &left, "nice");
- args[i++] = write_arg(&pos, &left, "%s/%s", this->dirname, KERNEL_FILE);
- args[i++] = write_arg(&pos, &left, "root=/dev/root");
- args[i++] = write_arg(&pos, &left, "rootfstype=hostfs");
- args[i++] = write_arg(&pos, &left, "rootflags=%s/%s", this->dirname, UNION_DIR);
- args[i++] = write_arg(&pos, &left, "uml_dir=%s", this->dirname);
- args[i++] = write_arg(&pos, &left, "umid=%s", this->name);
- args[i++] = write_arg(&pos, &left, "mconsole=notify:%s", notify);
- args[i++] = write_arg(&pos, &left, "con=null");
- if (this->args)
- {
- args[i++] = this->args;
- }
-
- this->pid = invoke(data, &this->public, args, i);
- if (!this->pid)
- {
- this->state = GUEST_STOPPED;
- return FALSE;
- }
- savepid(this);
-
- /* open mconsole */
- this->mconsole = mconsole_create(notify, idle);
- if (this->mconsole == NULL)
- {
- DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf);
- stop(this, NULL);
- return FALSE;
- }
-
- this->state = GUEST_RUNNING;
- return TRUE;
-}
-
-METHOD(guest_t, add_overlay, bool,
- private_guest_t *this, char *path)
-{
- if (path == NULL)
- {
- return FALSE;
- }
-
- if (access(path, F_OK) != 0)
- {
- if (!mkdir_p(path, PERME))
- {
- DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m",
- this->name);
- return FALSE;
- }
- }
-
- return this->cowfs->add_overlay(this->cowfs, path);
-}
-
-METHOD(guest_t, del_overlay, bool,
- private_guest_t *this, char *path)
-{
- return this->cowfs->del_overlay(this->cowfs, path);
-}
-
-METHOD(guest_t, pop_overlay, bool,
- private_guest_t *this)
-{
- return this->cowfs->pop_overlay(this->cowfs);
-}
-
-/**
- * Variadic version of the exec function
- */
-static int vexec(private_guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, va_list args)
-{
- char buf[1024];
- size_t len;
-
- if (this->mconsole)
- {
- len = vsnprintf(buf, sizeof(buf), cmd, args);
-
- if (len > 0 && len < sizeof(buf))
- {
- return this->mconsole->exec(this->mconsole, cb, data, buf);
- }
- }
- return -1;
-}
-
-METHOD(guest_t, exec, int,
- private_guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, ...)
-{
- int res;
- va_list args;
- va_start(args, cmd);
- res = vexec(this, cb, data, cmd, args);
- va_end(args);
- return res;
-}
-
-typedef struct {
- chunk_t buf;
- void (*cb)(void*,char*);
- void *data;
-} exec_str_t;
-
-/**
- * callback that combines chunks to a string. if a callback is given, the string
- * is split at newlines and the callback is called for each line.
- */
-static void exec_str_cb(exec_str_t *data, char *buf, size_t len)
-{
- if (!data->buf.ptr)
- {
- data->buf = chunk_alloc(len + 1);
- memcpy(data->buf.ptr, buf, len);
- data->buf.ptr[len] = '\0';
- }
- else
- {
- size_t newlen = strlen(data->buf.ptr) + len + 1;
- if (newlen > data->buf.len)
- {
- data->buf.ptr = realloc(data->buf.ptr, newlen);
- data->buf.len = newlen;
- }
- strncat(data->buf.ptr, buf, len);
- }
-
- if (data->cb)
- {
- char *nl;
- while ((nl = strchr(data->buf.ptr, '\n')) != NULL)
- {
- *nl++ = '\0';
- data->cb(data->data, data->buf.ptr);
- memmove(data->buf.ptr, nl, strlen(nl) + 1);
- }
- }
-}
-
-METHOD(guest_t, exec_str, int,
- private_guest_t *this, void(*cb)(void*,char*), bool lines, void *data,
- char *cmd, ...)
-{
- int res;
- va_list args;
- va_start(args, cmd);
- if (cb)
- {
- exec_str_t exec = { chunk_empty, NULL, NULL };
- if (lines)
- {
- exec.cb = cb;
- exec.data = data;
- }
- res = vexec(this, (void(*)(void*,char*,size_t))exec_str_cb, &exec, cmd, args);
- if (exec.buf.ptr)
- {
- if (!lines || strlen(exec.buf.ptr) > 0)
- {
- /* return the complete string or the remaining stuff in the
- * buffer (i.e. when there was no newline at the end) */
- cb(data, exec.buf.ptr);
- }
- chunk_free(&exec.buf);
- }
- }
- else
- {
- res = vexec(this, NULL, NULL, cmd, args);
- }
- va_end(args);
- return res;
-}
-
-METHOD(guest_t, sigchild, void,
- private_guest_t *this)
-{
- DESTROY_IF(this->mconsole);
- this->mconsole = NULL;
- this->state = GUEST_STOPPED;
-}
-
-/**
- * umount the union filesystem
- */
-static bool umount_unionfs(private_guest_t *this)
-{
- if (this->cowfs)
- {
- this->cowfs->destroy(this->cowfs);
- this->cowfs = NULL;
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * mount the union filesystem
- */
-static bool mount_unionfs(private_guest_t *this)
-{
- char master[PATH_MAX];
- char diff[PATH_MAX];
- char mount[PATH_MAX];
-
- if (this->cowfs == NULL)
- {
- snprintf(master, sizeof(master), "%s/%s", this->dirname, MASTER_DIR);
- snprintf(diff, sizeof(diff), "%s/%s", this->dirname, DIFF_DIR);
- snprintf(mount, sizeof(mount), "%s/%s", this->dirname, UNION_DIR);
-
- this->cowfs = cowfs_create(master, diff, mount);
- if (this->cowfs)
- {
- return TRUE;
- }
- }
- return FALSE;
-}
-
-/**
- * load args configuration from file
- */
-char *loadargs(private_guest_t *this)
-{
- FILE *file;
- char buf[512], *args = NULL;
-
- file = fdopen(openat(this->dir, ARGS_FILE, O_RDONLY, PERM), "r");
- if (file)
- {
- if (fgets(buf, sizeof(buf), file))
- {
- args = strdup(buf);
- }
- fclose(file);
- }
- return args;
-}
-
-/**
- * save args configuration to file
- */
-bool saveargs(private_guest_t *this, char *args)
-{
- FILE *file;
- bool retval = FALSE;
-
- file = fdopen(openat(this->dir, ARGS_FILE, O_RDWR | O_CREAT | O_TRUNC,
- PERM), "w");
- if (file)
- {
- if (fprintf(file, "%s", args) > 0)
- {
- retval = TRUE;
- }
- fclose(file);
- }
- return retval;
-}
-
-METHOD(guest_t, destroy, void,
- private_guest_t *this)
-{
- stop(this, NULL);
- umount_unionfs(this);
- if (this->dir > 0)
- {
- close(this->dir);
- }
- this->ifaces->destroy(this->ifaces);
- free(this->dirname);
- free(this->args);
- free(this->name);
- free(this);
-}
-
-/**
- * generic guest constructor
- */
-static private_guest_t *guest_create_generic(char *parent, char *name,
- bool create)
-{
- char cwd[PATH_MAX];
- private_guest_t *this;
-
- INIT(this,
- .public = {
- .get_name = _get_name,
- .get_pid = _get_pid,
- .get_state = _get_state,
- .create_iface = _create_iface,
- .destroy_iface = _destroy_iface,
- .create_iface_enumerator = _create_iface_enumerator,
- .start = _start,
- .stop = _stop,
- .add_overlay = _add_overlay,
- .del_overlay = _del_overlay,
- .pop_overlay = _pop_overlay,
- .exec = _exec,
- .exec_str = _exec_str,
- .sigchild = _sigchild,
- .destroy = _destroy,
- }
- );
-
- if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL)
- {
- if (asprintf(&this->dirname, "%s/%s", parent, name) < 0)
- {
- this->dirname = NULL;
- }
- }
- else
- {
- if (asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name) < 0)
- {
- this->dirname = NULL;
- }
- }
- if (this->dirname == NULL)
- {
- free(this);
- return NULL;
- }
- if (create)
- {
- mkdir(this->dirname, PERME);
- }
- this->dir = open(this->dirname, O_DIRECTORY, PERME);
- if (this->dir < 0)
- {
- DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname);
- free(this->dirname);
- free(this);
- return NULL;
- }
- this->state = GUEST_STOPPED;
- this->ifaces = linked_list_create();
- this->name = strdup(name);
-
- return this;
-}
-
-/**
- * create a symlink to old called new in our working dir
- */
-static bool make_symlink(private_guest_t *this, char *old, char *new)
-{
- char cwd[PATH_MAX];
- char buf[PATH_MAX];
-
- if (*old == '/' || getcwd(cwd, sizeof(cwd)) == NULL)
- {
- snprintf(buf, sizeof(buf), "%s", old);
- }
- else
- {
- snprintf(buf, sizeof(buf), "%s/%s", cwd, old);
- }
- return symlinkat(buf, this->dir, new) == 0;
-}
-
-
-/**
- * create the guest instance, including required dirs and mounts
- */
-guest_t *guest_create(char *parent, char *name, char *kernel,
- char *master, char *args)
-{
- private_guest_t *this = guest_create_generic(parent, name, TRUE);
-
- if (this == NULL)
- {
- return NULL;
- }
-
- if (!make_symlink(this, master, MASTER_DIR) ||
- !make_symlink(this, kernel, KERNEL_FILE))
- {
- DBG1(DBG_LIB, "creating master/kernel symlink failed: %m");
- destroy(this);
- return NULL;
- }
-
- if (mkdirat(this->dir, UNION_DIR, PERME) != 0 ||
- mkdirat(this->dir, DIFF_DIR, PERME) != 0)
- {
- DBG1(DBG_LIB, "unable to create directories for '%s': %m", name);
- destroy(this);
- return NULL;
- }
-
- this->args = args;
- if (args && !saveargs(this, args))
- {
- destroy(this);
- return NULL;
- }
-
- if (!mount_unionfs(this))
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
-/**
- * load an already created guest
- */
-guest_t *guest_load(char *parent, char *name)
-{
- private_guest_t *this = guest_create_generic(parent, name, FALSE);
-
- if (this == NULL)
- {
- return NULL;
- }
-
- this->args = loadargs(this);
-
- if (!mount_unionfs(this))
- {
- destroy(this);
- return NULL;
- }
-
- return &this->public;
-}
-
diff --git a/src/dumm/guest.h b/src/dumm/guest.h
deleted file mode 100644
index 14c7272d0..000000000
--- a/src/dumm/guest.h
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef GUEST_H
-#define GUEST_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-typedef enum guest_state_t guest_state_t;
-typedef struct guest_t guest_t;
-
-#include "iface.h"
-
-/**
- * State of a guest (started, stopped, ...)
- */
-enum guest_state_t {
- /** guest kernel not running at all */
- GUEST_STOPPED,
- /** kernel started, but not yet available */
- GUEST_STARTING,
- /** guest is up and running */
- GUEST_RUNNING,
- /** guest has been paused */
- GUEST_PAUSED,
- /** guest is stopping (shutting down) */
- GUEST_STOPPING,
-};
-
-/**
- * string mappings for guest_state_t
- */
-extern enum_name_t *guest_state_names;
-
-/**
- * Invoke function which launches the UML guest.
- *
- * Consoles are all set to NULL, you may change them by adding additional UML
- * options to args before invocation.
- *
- * @param data callback data
- * @param guest guest to start
- * @param args args to use for guest invocation, args[0] is kernel
- * @param argc number of elements in args
- * @param idle
- * @return PID of child, 0 if failed
- */
-typedef pid_t (*invoke_function_t)(void *data, guest_t *guest,
- char *args[], int argc);
-
-/**
- * Idle function to pass to start().
- */
-typedef void (*idle_function_t)(void);
-
-/**
- * A guest is a UML instance running on the host.
- **/
-struct guest_t {
-
- /**
- * Get the name of this guest.
- *
- * @return name of the guest
- */
- char* (*get_name) (guest_t *this);
-
- /**
- * Get the process ID of the guest child process.
- *
- * @return name of the guest
- */
- pid_t (*get_pid) (guest_t *this);
-
- /**
- * Get the state of the guest (stopped, started, etc.).
- *
- * @return guests state
- */
- guest_state_t (*get_state)(guest_t *this);
-
- /**
- * Start the guest.
- *
- * @param invoke UML guest invocation function
- * @param data data to pass back to invoke function
- * @param idle idle function to call while waiting on child
- * @return TRUE if guest successfully started
- */
- bool (*start) (guest_t *this, invoke_function_t invoke, void *data,
- idle_function_t idle);
-
- /**
- * Kill the guest.
- *
- * @param idle idle function to call while waiting to termination
- */
- void (*stop) (guest_t *this, idle_function_t idle);
-
- /**
- * Create a new interface in the current scenario.
- *
- * @param name name of the interface in the guest
- * @return created interface, or NULL if failed
- */
- iface_t* (*create_iface)(guest_t *this, char *name);
-
- /**
- * Destroy an interface on guest.
- *
- * @param iface interface to destroy
- */
- void (*destroy_iface)(guest_t *this, iface_t *iface);
-
- /**
- * Create an enumerator over all guest interfaces.
- *
- * @return enumerator over iface_t's
- */
- enumerator_t* (*create_iface_enumerator)(guest_t *this);
-
- /**
- * Adds a COWFS overlay. The directory is created if it does not exist.
- *
- * @param dir directory where overlay diff should point to
- * @return FALSE, if failed
- */
- bool (*add_overlay)(guest_t *this, char *dir);
-
- /**
- * Removes the specified COWFS overlay.
- *
- * @param dir directory where overlay diff points to
- * @return FALSE, if no found
- */
- bool (*del_overlay)(guest_t *this, char *dir);
-
- /**
- * Removes the latest COWFS overlay.
- *
- * @return FALSE, if no overlay was found
- */
- bool (*pop_overlay)(guest_t *this);
-
- /**
- * Execute a command on the guests mconsole.
- *
- * @param cb callback to call for each read block
- * @param data data to pass to callback
- * @param cmd command to execute
- * @param ... printf style argument list for cmd
- * @return return value
- */
- int (*exec)(guest_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd, ...);
-
- /**
- * Execute a command on the guests mconsole, with output formatter.
- *
- * If lines is TRUE, callback is invoked for each output line. Otherwise
- * the full result is returned in one callback invocation.
- *
- * @note This function does not work with binary output.
- *
- * @param cb callback to call for each line or for the complete output
- * @param lines TRUE if the callback should be called for each line
- * @param data data to pass to callback
- * @param cmd command to execute
- * @param ... printf style argument list for cmd
- * @return return value
- */
- int (*exec_str)(guest_t *this, void(*cb)(void*,char*), bool lines,
- void *data, char *cmd, ...);
-
- /**
- * Called whenever a SIGCHILD for the guests PID is received.
- */
- void (*sigchild)(guest_t *this);
-
- /**
- * Close and destroy a guest with all interfaces
- */
- void (*destroy) (guest_t *this);
-};
-
-/**
- * Create a new, unstarted guest.
- *
- * @param parent parent directory to create the guest in
- * @param name name of the guest to create
- * @param kernel kernel this guest uses
- * @param master read-only master filesystem for guest
- * @param args additional args to pass to kernel
- * @param mem amount of memory to give the guest
- */
-guest_t *guest_create(char *parent, char *name, char *kernel,
- char *master, char *args);
-
-/**
- * Load a guest created with guest_create().
- *
- * @param parent parent directory to look for a guest
- * @param name name of the guest directory
- */
-guest_t *guest_load(char *parent, char *name);
-
-#endif /* GUEST_H */
-
diff --git a/src/dumm/iface.c b/src/dumm/iface.c
deleted file mode 100644
index 3642ed8a2..000000000
--- a/src/dumm/iface.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/*
- * Copyright (C) 2008 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2002 Jeff Dike
- *
- * Based on the "tunctl" utility from Jeff Dike.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <sys/types.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <net/if.h>
-#include <sys/ioctl.h>
-#include <linux/if_tun.h>
-
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-#include "iface.h"
-
-typedef struct private_iface_t private_iface_t;
-
-struct private_iface_t {
- /** public interface */
- iface_t public;
- /** device name in guest (eth0) */
- char *guestif;
- /** device name at host (tap0) */
- char *hostif;
- /** bridge this interface is attached to */
- bridge_t *bridge;
- /** guest this interface is attached to */
- guest_t *guest;
- /** mconsole for guest */
- mconsole_t *mconsole;
-};
-
-/**
- * bring an interface up or down (host side)
- */
-bool iface_control(char *name, bool up)
-{
- int s;
- bool good = FALSE;
- struct ifreq ifr;
-
- memset(&ifr, 0, sizeof(struct ifreq));
- strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name));
-
- s = socket(AF_INET, SOCK_DGRAM, 0);
- if (!s)
- {
- return FALSE;
- }
- if (ioctl(s, SIOCGIFFLAGS, &ifr) == 0)
- {
- if (up)
- {
- ifr.ifr_flags |= IFF_UP;
- }
- else
- {
- ifr.ifr_flags &= ~IFF_UP;
- }
- if (ioctl(s, SIOCSIFFLAGS, &ifr) == 0)
- {
- good = TRUE;
- }
- }
- close(s);
- return good;
-}
-
-METHOD(iface_t, get_guestif, char*,
- private_iface_t *this)
-{
- return this->guestif;
-}
-
-METHOD(iface_t, get_hostif, char*,
- private_iface_t *this)
-{
- return this->hostif;
-}
-
-METHOD(iface_t, add_address, bool,
- private_iface_t *this, host_t *addr, int bits)
-{
- return (this->guest->exec(this->guest, NULL, NULL,
- "exec ip addr add %H/%d dev %s", addr, bits, this->guestif) == 0);
-}
-
-/**
- * compile a list of the addresses of an interface
- */
-static void compile_address_list(linked_list_t *list, char *address)
-{
- host_t *host = host_create_from_string(address, 0);
- if (host)
- {
- list->insert_last(list, host);
- }
-}
-
-/**
- * delete the list of addresses
- */
-static void destroy_address_list(linked_list_t *list)
-{
- list->destroy_offset(list, offsetof(host_t, destroy));
-}
-
-METHOD(iface_t, create_address_enumerator, enumerator_t*,
- private_iface_t *this)
-{
- linked_list_t *addresses = linked_list_create();
- this->guest->exec_str(this->guest, (void(*)(void*,char*))compile_address_list,
- TRUE, addresses,
- "exec ip addr list dev %s scope global | "
- "grep '^ \\+\\(inet6\\? \\)' | "
- "awk -F '( +|/)' '{ print $3 }'", this->guestif);
- return enumerator_create_cleaner(addresses->create_enumerator(addresses),
- (void(*)(void*))destroy_address_list, addresses);
-}
-
-METHOD(iface_t, delete_address, bool,
- private_iface_t *this, host_t *addr, int bits)
-{
- return (this->guest->exec(this->guest, NULL, NULL,
- "exec ip addr del %H/%d dev %s", addr, bits, this->guestif) == 0);
-}
-
-METHOD(iface_t, set_bridge, void,
- private_iface_t *this, bridge_t *bridge)
-{
- if (this->bridge == NULL && bridge)
- {
- this->guest->exec(this->guest, NULL, NULL,
- "exec ip link set %s up", this->guestif);
- }
- else if (this->bridge && bridge == NULL)
- {
- this->guest->exec(this->guest, NULL, NULL,
- "exec ip link set %s down", this->guestif);
- }
- this->bridge = bridge;
-}
-
-METHOD(iface_t, get_bridge, bridge_t*,
- private_iface_t *this)
-{
- return this->bridge;
-}
-
-METHOD(iface_t, get_guest, guest_t*,
- private_iface_t *this)
-{
- return this->guest;
-}
-
-/**
- * destroy the tap device
- */
-static bool destroy_tap(private_iface_t *this)
-{
- struct ifreq ifr;
- int tap;
-
- if (!iface_control(this->hostif, FALSE))
- {
- DBG1(DBG_LIB, "bringing iface down failed: %m");
- }
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- strncpy(ifr.ifr_name, this->hostif, sizeof(ifr.ifr_name) - 1);
-
- tap = open(TAP_DEVICE, O_RDWR);
- if (tap < 0)
- {
- DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
- return FALSE;
- }
- if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
- ioctl(tap, TUNSETPERSIST, 0) < 0)
- {
- DBG1(DBG_LIB, "removing %s failed: %m", this->hostif);
- close(tap);
- return FALSE;
- }
- close(tap);
- return TRUE;
-}
-
-/**
- * create the tap device
- */
-static char* create_tap(private_iface_t *this)
-{
- struct ifreq ifr;
- int tap;
-
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
- snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s-%s",
- this->guest->get_name(this->guest), this->guestif);
-
- tap = open(TAP_DEVICE, O_RDWR);
- if (tap < 0)
- {
- DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE);
- return NULL;
- }
- if (ioctl(tap, TUNSETIFF, &ifr) < 0 ||
- ioctl(tap, TUNSETPERSIST, 1) < 0 ||
- ioctl(tap, TUNSETOWNER, 0))
- {
- DBG1(DBG_LIB, "creating new tap device failed: %m");
- close(tap);
- return NULL;
- }
- close(tap);
- return strdup(ifr.ifr_name);
-}
-
-METHOD(iface_t, destroy, void,
- private_iface_t *this)
-{
- if (this->bridge)
- {
- this->bridge->disconnect_iface(this->bridge, &this->public);
- }
- /* TODO: iface mgmt is not blocking yet, so wait some ticks */
- usleep(50000);
- this->mconsole->del_iface(this->mconsole, this->guestif);
- destroy_tap(this);
- free(this->guestif);
- free(this->hostif);
- free(this);
-}
-
-/**
- * create the iface instance
- */
-iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole)
-{
- private_iface_t *this;
-
- INIT(this,
- .public = {
- .get_hostif = _get_hostif,
- .get_guestif = _get_guestif,
- .add_address = _add_address,
- .create_address_enumerator = _create_address_enumerator,
- .delete_address = _delete_address,
- .set_bridge = _set_bridge,
- .get_bridge = _get_bridge,
- .get_guest = _get_guest,
- .destroy = _destroy,
- },
- .mconsole = mconsole,
- .guestif = strdup(name),
- .guest = guest,
- );
- this->hostif = create_tap(this);
- if (this->hostif == NULL)
- {
- destroy_tap(this);
- free(this->guestif);
- free(this);
- return NULL;
- }
- if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif))
- {
- DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif);
- destroy_tap(this);
- free(this->guestif);
- free(this->hostif);
- free(this);
- return NULL;
- }
- if (!iface_control(this->hostif, TRUE))
- {
- DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif);
- }
- return &this->public;
-}
-
diff --git a/src/dumm/iface.h b/src/dumm/iface.h
deleted file mode 100644
index e6e8775a0..000000000
--- a/src/dumm/iface.h
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef IFACE_H
-#define IFACE_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-#include <networking/host.h>
-
-#define TAP_DEVICE "/dev/net/tun"
-
-typedef struct iface_t iface_t;
-
-#include "mconsole.h"
-#include "bridge.h"
-#include "guest.h"
-
-/**
- * Interface in a guest, connected to a tap device on the host.
- */
-struct iface_t {
-
- /**
- * Get the interface name in the guest (e.g. eth0).
- *
- * @return guest interface name
- */
- char* (*get_guestif)(iface_t *this);
-
- /**
- * Get the interface name at the host (e.g. tap0).
- *
- * @return host interface (tap device) name
- */
- char* (*get_hostif)(iface_t *this);
-
- /**
- * Add an address to the interface.
- *
- * @param addr address to add to the interface
- * @param bits network prefix length in bits
- * @return TRUE if address added
- */
- bool (*add_address)(iface_t *this, host_t *addr, int bits);
-
- /**
- * Create an enumerator over all installed addresses.
- *
- * @return enumerator over host_t*
- */
- enumerator_t* (*create_address_enumerator)(iface_t *this);
-
- /**
- * Remove an address from an interface.
- *
- * @note The network prefix length has to be the same as used in add_address
- *
- * @param addr address to remove
- * @param bits network prefix length in bits
- * @return TRUE if address removed
- */
- bool (*delete_address)(iface_t *this, host_t *addr, int bits);
-
- /**
- * Set the bridge this interface is attached to.
- *
- * @param bridge assigned bridge, or NULL for none
- */
- void (*set_bridge)(iface_t *this, bridge_t *bridge);
-
- /**
- * Get the bridge this iface is connected, or NULL.
- *
- * @return connected bridge, or NULL
- */
- bridge_t* (*get_bridge)(iface_t *this);
-
- /**
- * Get the guest this iface belongs to.
- *
- * @return guest of this iface
- */
- guest_t* (*get_guest)(iface_t *this);
-
- /**
- * Destroy an interface
- */
- void (*destroy) (iface_t *this);
-};
-
-/**
- * Create a new interface for a guest
- *
- * @param name name of the interface in the guest
- * @param guest guest this iface is connecting
- * @param mconsole mconsole of guest
- * @return interface descriptor, or NULL if failed
- */
-iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole);
-
-#endif /* IFACE_H */
-
diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c
deleted file mode 100644
index eb61da2c2..000000000
--- a/src/dumm/irdumm.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#undef PACKAGE_NAME
-#undef PACKAGE_TARNAME
-#undef PACKAGE_VERSION
-#undef PACKAGE_STRING
-#undef PACKAGE_BUGREPORT
-#undef PACKAGE_URL
-#undef HAVE_DLADDR
-#undef HAVE_QSORT_R
-#include <ruby.h>
-
-#ifdef HAVE_RB_ERRINFO
-#define ruby_errinfo rb_errinfo()
-#endif
-
-/**
- * main routine, parses args and reads from console
- */
-int main(int argc, char *argv[])
-{
- int state, i;
- char buf[512];
-
- ruby_init();
- ruby_init_loadpath();
-
- rb_eval_string_protect("require 'dumm' and include Dumm", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- printf("Please install the ruby extension first!\n");
- }
- for (i = 1; i < argc; i++)
- {
- snprintf(buf, sizeof(buf), "load \"%s\"", argv[i]);
- printf("%s\n", buf);
- rb_eval_string_protect(buf, &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
- }
- rb_require("irb");
- rb_require("irb/completion");
- rb_eval_string_protect("IRB.start", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
-
- ruby_finalize();
- return 0;
-}
-
diff --git a/src/dumm/main.c b/src/dumm/main.c
deleted file mode 100644
index 1b5bef736..000000000
--- a/src/dumm/main.c
+++ /dev/null
@@ -1,629 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "dumm.h"
-
-#include <collections/linked_list.h>
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <sched.h>
-
-#include <glib.h>
-#include <gtk/gtk.h>
-#include <vte/vte.h>
-#include <vte/reaper.h>
-
-/**
- * notebook page with vte and guest
- */
-typedef struct {
- gint num;
- GtkWidget *vte;
- guest_t *guest;
-} page_t;
-
-/**
- * Main window
- */
-GtkWidget *window;
-
-/**
- * notebook with guests, vtes
- */
-GtkWidget *notebook;
-
-/**
- * dumm context
- */
-dumm_t *dumm;
-
-/**
- * pages in notebook, page_t
- */
-linked_list_t *pages;
-
-/**
- * handle guest termination, SIGCHILD
- */
-static void child_exited(VteReaper *vtereaper, gint pid, gint status)
-{
- enumerator_t *enumerator;
- page_t *page;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->guest->get_pid(page->guest) == pid)
- {
- page->guest->sigchild(page->guest);
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "\n\r--- guest terminated ---\n\r", -1);
- break;
- }
- }
- enumerator->destroy(enumerator);
-}
-
-static page_t* get_page(int num)
-{
- enumerator_t *enumerator;
- page_t *page, *found = NULL;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->num == num)
- {
- found = page;
- break;
- }
- }
- enumerator->destroy(enumerator);
- return found;
-}
-
-/**
- * Guest invocation callback
- */
-static pid_t invoke(void *vte, guest_t *guest,
- char *args[], int argc)
-{
- GPid pid;
-
- if (vte_terminal_fork_command_full(VTE_TERMINAL(vte),
- VTE_PTY_NO_LASTLOG | VTE_PTY_NO_UTMP | VTE_PTY_NO_WTMP,
- NULL, args, NULL,
- G_SPAWN_CHILD_INHERITS_STDIN | G_SPAWN_SEARCH_PATH,
- NULL, NULL, &pid, NULL))
- {
- return pid;
- }
- return 0;
-}
-
-void idle(void)
-{
- gtk_main_iteration_do(FALSE);
- sched_yield();
-}
-
-static void start_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page && page->guest->get_state(page->guest) == GUEST_STOPPED)
- {
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "--- starting guest ---\n\r", -1);
- page->guest->start(page->guest, invoke, VTE_TERMINAL(page->vte), idle);
- }
-}
-
-static void start_all_guests()
-{
- enumerator_t *enumerator;
- page_t *page;
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, (void**)&page))
- {
- if (page->guest->get_state(page->guest) == GUEST_STOPPED)
- {
- vte_terminal_feed(VTE_TERMINAL(page->vte),
- "--- starting all guests ---\n\r", -1);
- page->guest->start(page->guest, invoke,
- VTE_TERMINAL(page->vte), idle);
- }
- }
- enumerator->destroy(enumerator);
-}
-
-static void stop_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page && page->guest->get_state(page->guest) == GUEST_RUNNING)
- {
- page->guest->stop(page->guest, idle);
- }
-}
-
-/**
- * quit signal handler
- */
-static void quit()
-{
- enumerator_t *enumerator;
- page_t *page;
-
- dumm->load_template(dumm, NULL);
-
- enumerator = pages->create_enumerator(pages);
- while (enumerator->enumerate(enumerator, &page))
- {
- if (page->guest->get_state(page->guest) != GUEST_STOPPED)
- {
- page->guest->stop(page->guest, idle);
- }
- }
- enumerator->destroy(enumerator);
- gtk_main_quit();
-}
-
-static void error_dialog(char *msg)
-{
- GtkWidget *error;
-
- error = gtk_message_dialog_new(GTK_WINDOW(window),
- GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR,
- GTK_BUTTONS_CLOSE, msg);
- gtk_dialog_run(GTK_DIALOG(error));
- gtk_widget_destroy(error);
-}
-
-static void create_switch()
-{
- GtkWidget *dialog, *table, *label, *name;
- bridge_t *bridge;
-
- dialog = gtk_dialog_new_with_buttons("Create new switch", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(1, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Switch name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- if (streq(gtk_entry_get_text(GTK_ENTRY(name)), ""))
- {
- continue;
- }
- bridge = dumm->create_bridge(dumm,
- (char*)gtk_entry_get_text(GTK_ENTRY(name)));
- if (!bridge)
- {
- error_dialog("creating bridge failed!");
- continue;
- }
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-static void delete_switch()
-{
-
-}
-
-static void connect_guest()
-{
- page_t *page;
- GtkWidget *dialog, *table, *label, *name, *box;
- bridge_t *bridge;
- iface_t *iface;
- enumerator_t *enumerator;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (!page || page->guest->get_state(page->guest) != GUEST_RUNNING)
- {
- return;
- }
-
- dialog = gtk_dialog_new_with_buttons("Connect guest", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(2, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Interface name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- label = gtk_label_new("Connected switch");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- box = gtk_combo_box_new_text();
- gtk_table_attach(GTK_TABLE(table), box, 1, 2, 1, 2,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- gtk_combo_box_append_text(GTK_COMBO_BOX(box), bridge->get_name(bridge));
- }
- enumerator->destroy(enumerator);
- gtk_widget_show(box);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- if (streq(gtk_entry_get_text(GTK_ENTRY(name)), ""))
- {
- continue;
- }
-
- iface = page->guest->create_iface(page->guest,
- (char*)gtk_entry_get_text(GTK_ENTRY(name)));
- if (!iface)
- {
- error_dialog("creating interface failed!");
- continue;
- }
- enumerator = dumm->create_bridge_enumerator(dumm);
- while (enumerator->enumerate(enumerator, &bridge))
- {
- if (!bridge->connect_iface(bridge, iface))
- {
- error_dialog("connecting interface failed!");
- }
- break;
- }
- enumerator->destroy(enumerator);
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-static void disconnect_guest()
-{
-
-}
-
-static void delete_guest()
-{
- page_t *page;
-
- page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook)));
- if (page)
- {
- page->guest->stop(page->guest, idle);
- dumm->delete_guest(dumm, page->guest);
- gtk_notebook_remove_page(GTK_NOTEBOOK(notebook), page->num);
- pages->remove(pages, page, NULL);
- g_free(page);
- }
-}
-
-/**
- * create a new page for a guest
- */
-static page_t* create_page(guest_t *guest)
-{
- GtkWidget *label;
- page_t *page;
-
- page = g_new(page_t, 1);
- page->guest = guest;
- page->vte = vte_terminal_new();
- label = gtk_label_new(guest->get_name(guest));
- page->num = gtk_notebook_append_page(GTK_NOTEBOOK(notebook),
- page->vte, label);
- gtk_widget_show(page->vte);
- pages->insert_last(pages, page);
- return page;
-}
-
-/**
- * create a new guest
- */
-static void create_guest()
-{
- guest_t *guest;
- GtkWidget *dialog, *table, *label, *name, *kernel, *master, *args;
-
- dialog = gtk_dialog_new_with_buttons("Create new guest", GTK_WINDOW(window),
- GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
- GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT,
- GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL);
-
- table = gtk_table_new(4, 2, TRUE);
- gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table);
-
- label = gtk_label_new("Guest name");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("UML kernel");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("Master filesystem");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 2, 3, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- label = gtk_label_new("Kernel arguments");
- gtk_table_attach(GTK_TABLE(table), label, 0, 1, 3, 4, 0, 0, 0, 0);
- gtk_widget_show(label);
-
- name = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(name);
-
- kernel = gtk_file_chooser_button_new("Select UML kernel image",
- GTK_FILE_CHOOSER_ACTION_OPEN);
- gtk_table_attach(GTK_TABLE(table), kernel, 1, 2, 1, 2,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(kernel);
-
- master = gtk_file_chooser_button_new("Select master filesystem",
- GTK_FILE_CHOOSER_ACTION_SELECT_FOLDER);
- gtk_table_attach(GTK_TABLE(table), master, 1, 2, 2, 3,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(master);
-
- args = gtk_entry_new();
- gtk_table_attach(GTK_TABLE(table), args, 1, 2, 3, 4,
- GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0);
- gtk_widget_show(args);
-
- gtk_widget_show(table);
-
- while (TRUE)
- {
- switch (gtk_dialog_run(GTK_DIALOG(dialog)))
- {
- case GTK_RESPONSE_ACCEPT:
- {
- char *sname, *skernel, *smaster, *sargs;
- page_t *page;
-
- sname = (char*)gtk_entry_get_text(GTK_ENTRY(name));
- skernel = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(kernel));
- smaster = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(master));
- sargs = (char*)gtk_entry_get_text(GTK_ENTRY(args));
-
- if (!sname[0] || !skernel || !smaster)
- {
- continue;
- }
- guest = dumm->create_guest(dumm, sname, skernel, smaster, sargs);
- if (!guest)
- {
- error_dialog("creating guest failed!");
- continue;
- }
- page = create_page(guest);
- gtk_notebook_set_current_page(GTK_NOTEBOOK(notebook), page->num);
- break;
- }
- default:
- break;
- }
- break;
- }
- gtk_widget_destroy(dialog);
-}
-
-/**
- * main routine, parses args and reads from console
- */
-int main(int argc, char *argv[])
-{
- GtkWidget *menubar, *menu, *menuitem, *vbox;
- GtkWidget *dummMenu, *guestMenu, *switchMenu;
- enumerator_t *enumerator;
- guest_t *guest;
-
- library_init(NULL, "dumm");
- gtk_init(&argc, &argv);
-
- pages = linked_list_create();
- dumm = dumm_create(NULL);
-
- /* setup window */
- window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
- g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(quit), NULL);
- gtk_window_set_title(GTK_WINDOW (window), "Dumm");
- gtk_window_set_default_size(GTK_WINDOW (window), 1000, 500);
- g_signal_connect(G_OBJECT(vte_reaper_get()), "child-exited",
- G_CALLBACK(child_exited), NULL);
-
- /* add vbox with menubar, notebook */
- vbox = gtk_vbox_new(FALSE, 0);
- gtk_container_add(GTK_CONTAINER(window), vbox);
- menubar = gtk_menu_bar_new();
- gtk_box_pack_start(GTK_BOX(vbox), menubar, FALSE, TRUE, 0);
- notebook = gtk_notebook_new();
- g_object_set(G_OBJECT(notebook), "homogeneous", TRUE, NULL);
- gtk_notebook_set_tab_pos(GTK_NOTEBOOK(notebook), GTK_POS_BOTTOM);
- gtk_container_add(GTK_CONTAINER(vbox), notebook);
-
- /* Dumm menu */
- menu = gtk_menu_new();
- dummMenu = gtk_menu_item_new_with_mnemonic("_Dumm");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), dummMenu);
- gtk_widget_show(dummMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(dummMenu), menu);
-
- /* Dumm -> exit */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_QUIT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(quit), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest menu */
- menu = gtk_menu_new();
- guestMenu = gtk_menu_item_new_with_mnemonic("_Guest");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), guestMenu);
- gtk_widget_show(guestMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(guestMenu), menu);
-
- /* Guest -> new */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(create_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> delete */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(delete_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- menuitem = gtk_separator_menu_item_new();
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> start */
- menuitem = gtk_menu_item_new_with_mnemonic("_Start");
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(start_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> startall */
- menuitem = gtk_menu_item_new_with_mnemonic("Start _all");
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(start_all_guests), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> stop */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_STOP, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(stop_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- menuitem = gtk_separator_menu_item_new();
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> connect */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_CONNECT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(connect_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Guest -> disconnect */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DISCONNECT, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(disconnect_guest), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_set_sensitive(menuitem, FALSE);
- gtk_widget_show(menuitem);
-
- /* Switch menu */
- menu = gtk_menu_new();
- switchMenu = gtk_menu_item_new_with_mnemonic("_Switch");
- gtk_menu_bar_append(GTK_MENU_BAR(menubar), switchMenu);
- gtk_widget_show(switchMenu);
- gtk_menu_item_set_submenu(GTK_MENU_ITEM(switchMenu), menu);
-
- /* Switch -> new */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(create_switch), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_show(menuitem);
-
- /* Switch -> delete */
- menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL);
- g_signal_connect(G_OBJECT(menuitem), "activate",
- G_CALLBACK(delete_switch), NULL);
- gtk_menu_append(GTK_MENU(menu), menuitem);
- gtk_widget_set_sensitive(menuitem, FALSE);
- gtk_widget_show(menuitem);
-
- /* show widgets */
- gtk_widget_show(menubar);
- gtk_widget_show(notebook);
- gtk_widget_show(vbox);
- gtk_widget_show(window);
-
- /* fill notebook with guests */
- enumerator = dumm->create_guest_enumerator(dumm);
- while (enumerator->enumerate(enumerator, (void**)&guest))
- {
- create_page(guest);
- }
- enumerator->destroy(enumerator);
-
- gtk_main();
-
- dumm->destroy(dumm);
- pages->destroy_function(pages, g_free);
-
- library_deinit();
- return 0;
-}
-
diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c
deleted file mode 100644
index 3e31bc694..000000000
--- a/src/dumm/mconsole.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- * Copyright (C) 2001-2004 Jeff Dike
- *
- * Based on the "uml_mconsole" utility from Jeff Dike.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <sys/socket.h>
-#include <errno.h>
-#include <sys/un.h>
-
-#include <utils/debug.h>
-
-#include "mconsole.h"
-
-#define MCONSOLE_MAGIC 0xcafebabe
-#define MCONSOLE_VERSION 2
-#define MCONSOLE_MAX_DATA 512
-
-typedef struct private_mconsole_t private_mconsole_t;
-
-struct private_mconsole_t {
- /** public interface */
- mconsole_t public;
- /** mconsole socket */
- int console;
- /** notify socket */
- int notify;
- /** address of uml socket */
- struct sockaddr_un uml;
- /** idle function */
- void (*idle)(void);
-};
-
-/**
- * mconsole message format from "arch/um/include/mconsole.h"
- */
-typedef struct mconsole_request mconsole_request;
-/** mconsole request message */
-struct mconsole_request {
- uint32_t magic;
- uint32_t version;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-
-typedef struct mconsole_reply mconsole_reply;
-/** mconsole reply message */
-struct mconsole_reply {
- uint32_t err;
- uint32_t more;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-typedef struct mconsole_notify mconsole_notify;
-/** mconsole notify message */
-struct mconsole_notify {
- uint32_t magic;
- uint32_t version;
- enum {
- MCONSOLE_SOCKET,
- MCONSOLE_PANIC,
- MCONSOLE_HANG,
- MCONSOLE_USER_NOTIFY,
- } type;
- uint32_t len;
- char data[MCONSOLE_MAX_DATA];
-};
-
-/**
- * send a request to UML using mconsole
- */
-static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t),
- void *data, char *command, ...)
-{
- mconsole_request request;
- mconsole_reply reply;
- int len, flags = 0;
- va_list args;
-
- memset(&request, 0, sizeof(request));
- request.magic = MCONSOLE_MAGIC;
- request.version = MCONSOLE_VERSION;
- va_start(args, command);
- request.len = vsnprintf(request.data, sizeof(request.data), command, args);
- va_end(args);
-
- if (this->idle)
- {
- flags = MSG_DONTWAIT;
- }
- do
- {
- if (this->idle)
- {
- this->idle();
- }
- len = sendto(this->console, &request, sizeof(request), flags,
- (struct sockaddr*)&this->uml, sizeof(this->uml));
- }
- while (len < 0 && (errno == EINTR || errno == EAGAIN));
-
- if (len < 0)
- {
- DBG1(DBG_LIB, "sending mconsole command to UML failed: %m");
- return -1;
- }
- do
- {
- len = recv(this->console, &reply, sizeof(reply), flags);
- if (len < 0 && (errno == EINTR || errno == EAGAIN))
- {
- if (this->idle)
- {
- this->idle();
- }
- continue;
- }
- if (len < 0)
- {
- DBG1(DBG_LIB, "receiving from mconsole failed: %m");
- return -1;
- }
- if (len > 0)
- {
- if (cb)
- {
- cb(data, reply.data, reply.len);
- }
- else if (reply.err)
- {
- if (reply.len && *reply.data)
- {
- DBG1(DBG_LIB, "received mconsole error %d: %.*s",
- reply.err, (int)reply.len, reply.data);
- }
- break;
- }
- }
- }
- while (reply.more);
-
- return reply.err;
-}
-
-/**
- * ignore error message
- */
-static void ignore(void *data, char *buf, size_t len)
-{
-}
-
-METHOD(mconsole_t, add_iface, bool,
- private_mconsole_t *this, char *guest, char *host)
-{
- int tries = 0;
-
- while (tries++ < 5)
- {
- if (request(this, ignore, NULL, "config %s=tuntap,%s", guest, host) == 0)
- {
- return TRUE;
- }
- usleep(10000 * tries * tries);
- }
- return FALSE;
-}
-
-METHOD(mconsole_t, del_iface, bool,
- private_mconsole_t *this, char *guest)
-{
- if (request(this, NULL, NULL, "remove %s", guest) != 0)
- {
- return FALSE;
- }
- return TRUE;
-}
-
-METHOD(mconsole_t, exec, int,
- private_mconsole_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd)
-{
- return request(this, cb, data, "%s", cmd);
-}
-
-/**
- * Poll until guest is ready
- */
-static void wait_bootup(private_mconsole_t *this)
-{
- /* wait for init process to appear */
- while (request(this, ignore, NULL, "exec ps -p 1 > /dev/null"))
- {
- if (this->idle)
- {
- this->idle();
- }
- usleep(100000);
- }
-}
-
-METHOD(mconsole_t, destroy, void,
- private_mconsole_t *this)
-{
- close(this->console);
- close(this->notify);
- free(this);
-}
-
-/**
- * setup the mconsole notify connection and wait for its readiness
- */
-static bool wait_for_notify(private_mconsole_t *this, char *nsock)
-{
- struct sockaddr_un addr;
- mconsole_notify notify;
- int len, flags = 0;
-
- this->notify = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (this->notify < 0)
- {
- DBG1(DBG_LIB, "opening mconsole notify socket failed: %m");
- return FALSE;
- }
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, nsock, sizeof(addr.sun_path));
- if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0)
- {
- DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m",
- nsock);
- close(this->notify);
- return FALSE;
- }
- if (this->idle)
- {
- flags = MSG_DONTWAIT;
- }
- do
- {
- if (this->idle)
- {
- this->idle();
- }
- len = recvfrom(this->notify, &notify, sizeof(notify), flags, NULL, 0);
- }
- while (len < 0 && (errno == EINTR || errno == EAGAIN));
-
- if (len < 0 || len >= sizeof(notify))
- {
- DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m");
- close(this->notify);
- unlink(nsock);
- return FALSE;
- }
- if (notify.magic != MCONSOLE_MAGIC ||
- notify.version != MCONSOLE_VERSION ||
- notify.type != MCONSOLE_SOCKET)
- {
- DBG1(DBG_LIB, "received unexpected message from mconsole notify"
- " socket: %b", &notify, sizeof(notify));
- close(this->notify);
- unlink(nsock);
- return FALSE;
- }
- memset(&this->uml, 0, sizeof(this->uml));
- this->uml.sun_family = AF_UNIX;
- strncpy(this->uml.sun_path, (char*)&notify.data, sizeof(this->uml.sun_path));
- return TRUE;
-}
-
-/**
- * setup the mconsole console connection
- */
-static bool setup_console(private_mconsole_t *this)
-{
- struct sockaddr_un addr;
-
- this->console = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (this->console < 0)
- {
- DBG1(DBG_LIB, "opening mconsole socket failed: %m");
- return FALSE;
- }
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- snprintf(&addr.sun_path[1], sizeof(addr.sun_path)-1, "%5d-%d",
- getpid(), this->console);
- if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0)
- {
- DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m",
- &addr.sun_path[1]);
- close(this->console);
- return FALSE;
- }
- return TRUE;
-}
-
-/**
- * create the mconsole instance
- */
-mconsole_t *mconsole_create(char *notify, void(*idle)(void))
-{
- private_mconsole_t *this;
-
- INIT(this,
- .public = {
- .add_iface = _add_iface,
- .del_iface = _del_iface,
- .exec = _exec,
- .destroy = _destroy,
- },
- .idle = idle,
- );
-
- if (!wait_for_notify(this, notify))
- {
- free(this);
- return NULL;
- }
-
- if (!setup_console(this))
- {
- close(this->notify);
- unlink(notify);
- free(this);
- return NULL;
- }
- unlink(notify);
-
- wait_bootup(this);
-
- return &this->public;
-}
-
diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h
deleted file mode 100644
index 2b8a1cdff..000000000
--- a/src/dumm/mconsole.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef MCONSOLE_H
-#define MCONSOLE_H
-
-#include <library.h>
-
-typedef struct mconsole_t mconsole_t;
-
-/**
- * UML mconsole, change running UML configuration using mconsole.
- */
-struct mconsole_t {
-
- /**
- * Create a guest interface and connect it to tap host interface.
- *
- * @param guest name of the interface to create in the guest
- * @param host name of the tap device to connect guest to
- * @return TRUE if interface created
- */
- bool (*add_iface)(mconsole_t *this, char *guest, char *host);
-
- /**
- * Delete a guest interface.
- *
- * @param guest name of the interface to delete on the guest
- * @return TRUE if interface deleted
- */
- bool (*del_iface)(mconsole_t *this, char *guest);
-
- /**
- * Execute a command on the mconsole.
- *
- * @param cb callback function to invoke for each line
- * @param data data to pass to callback
- * @param cmd command to invoke
- * @return return value of command
- */
- int (*exec)(mconsole_t *this, void(*cb)(void*,char*,size_t), void *data,
- char *cmd);
-
- /**
- * Destroy the mconsole instance
- */
- void (*destroy) (mconsole_t *this);
-};
-
-/**
- * Create a new mconsole connection to a guest.
- *
- * Waits for a notification from the guest through the notify socket and tries
- * to connect to the mconsole socket supplied in the received notification.
- *
- * @param notify unix notify socket path
- * @param idle idle function to call while waiting for responses
- * @return mconsole instance, or NULL if failed
- */
-mconsole_t *mconsole_create(char *notify, void(*idle)(void));
-
-#endif /* MCONSOLE_H */
-
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 4106494db..1bc47d165 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h
index dbaa4f128..35261c9a5 100644
--- a/src/include/linux/xfrm.h
+++ b/src/include/linux/xfrm.h
@@ -302,8 +302,11 @@ enum xfrm_attr_type_t {
XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
XFRMA_PAD,
XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
+ XFRMA_SET_MARK, /* __u32 */
+ XFRMA_SET_MARK_MASK, /* __u32 */
__XFRMA_MAX
+#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */
#define XFRMA_MAX (__XFRMA_MAX - 1)
};
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 46715938e..eb3c635e0 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -260,7 +260,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -286,6 +285,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -306,8 +307,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -362,8 +361,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -392,8 +389,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 3f72d52ee..143342ecb 100644
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.6.3dr1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.7.0rc2" "strongSwan"
.
.SH NAME
.
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
.ad
diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in
index 0aef8c031..bfc4d50c2 100644
--- a/src/ipsec/_ipsec.8.in
+++ b/src/ipsec/_ipsec.8.in
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
IPSEC_PIDDIR directory containing PID/socket files
IPSEC_SCRIPT name of the ipsec script
IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
IPSEC_STARTER_PID PID file for ipsec starter
IPSEC_CHARON_PID PID file for IKE keying daemon
.ad
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index 283abdcd5..29b323284 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -42,7 +42,7 @@ IPSEC_STARTER="${IPSEC_DIR}/starter"
export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
-IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
+IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"
command_dir="$IPSEC_DIR"
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 6cd1130f1..8df9c6fcf 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -897,7 +897,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -923,6 +922,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -943,8 +944,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -999,8 +998,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -1029,8 +1026,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/attributes/mem_pool.h b/src/libcharon/attributes/mem_pool.h
index 06acbf8f8..519b1d303 100644
--- a/src/libcharon/attributes/mem_pool.h
+++ b/src/libcharon/attributes/mem_pool.h
@@ -31,7 +31,7 @@ typedef enum mem_pool_op_t mem_pool_op_t;
* In-memory IP pool acquire operation.
*/
enum mem_pool_op_t {
- /** Check for an exsiting lease */
+ /** Check for an existing lease */
MEM_POOL_EXISTING,
/** Get a new lease */
MEM_POOL_NEW,
diff --git a/src/libcharon/bus/listeners/custom_logger.h b/src/libcharon/bus/listeners/custom_logger.h
index a256ad1ec..4856163f4 100644
--- a/src/libcharon/bus/listeners/custom_logger.h
+++ b/src/libcharon/bus/listeners/custom_logger.h
@@ -49,12 +49,17 @@ struct custom_logger_t {
* @param group debug group to set
* @param level max level to log (0..4)
*/
- void (*set_level) (custom_logger_t *this, debug_t group, level_t level);
+ void (*set_level)(custom_logger_t *this, debug_t group, level_t level);
+
+ /**
+ * Reload custom logger configuration.
+ */
+ void (*reload)(custom_logger_t *this);
/**
* Destroy the custom_logger_t object.
*/
- void (*destroy) (custom_logger_t *this);
+ void (*destroy)(custom_logger_t *this);
};
/**
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 02a41a5b3..47f62d59a 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2007-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -129,15 +130,77 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other,
return match;
}
-METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
- private_backend_manager_t *this, host_t *me, host_t *other,
- ike_version_t version)
+/**
+ * list element to help sorting
+ */
+typedef struct {
+ ike_cfg_match_t match;
+ ike_cfg_t *cfg;
+} ike_match_entry_t;
+
+CALLBACK(ike_enum_filter, bool,
+ linked_list_t *configs, enumerator_t *orig, va_list args)
+{
+ ike_match_entry_t *entry;
+ ike_cfg_t **out;
+
+ VA_ARGS_VGET(args, out);
+
+ if (orig->enumerate(orig, &entry))
+ {
+ *out = entry->cfg;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+CALLBACK(ike_match_entry_list_destroy, void,
+ linked_list_t *configs)
+{
+ ike_match_entry_t *entry;
+
+ while (configs->remove_last(configs, (void**)&entry) == SUCCESS)
+ {
+ entry->cfg->destroy(entry->cfg);
+ free(entry);
+ }
+ configs->destroy(configs);
+}
+
+/**
+ * Insert entry into match-sorted list
+ */
+static void insert_sorted_ike(ike_match_entry_t *entry, linked_list_t *list)
+{
+ enumerator_t *enumerator;
+ ike_match_entry_t *current;
+
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ if (entry->match > current->match)
+ {
+ break;
+ }
+ }
+ list->insert_before(list, enumerator, entry);
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Create a sorted list of all matching IKE configs
+ */
+static linked_list_t *get_matching_ike_cfgs(private_backend_manager_t *this,
+ host_t *me, host_t *other,
+ ike_version_t version)
{
- ike_cfg_t *current, *found = NULL;
+ ike_cfg_t *current;
char *my_addr, *other_addr;
enumerator_t *enumerator;
- ike_cfg_match_t match, best = MATCH_ANY;
ike_data_t *data;
+ linked_list_t *configs;
+ ike_cfg_match_t match;
+ ike_match_entry_t *entry;
INIT(data,
.this = this,
@@ -145,44 +208,82 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
.other = other,
);
- DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other);
+ configs = linked_list_create();
this->lock->read_lock(this->lock);
enumerator = enumerator_create_nested(
this->backends->create_enumerator(this->backends),
(void*)ike_enum_create, data, (void*)free);
- while (enumerator->enumerate(enumerator, (void**)&current))
+
+ while (enumerator->enumerate(enumerator, &current))
{
+ my_addr = current->get_my_addr(current);
+ other_addr = current->get_other_addr(current);
match = get_ike_match(current, me, other, version);
- DBG3(DBG_CFG, "ike config match: %d (%H %H %N)",
- match, me, other, ike_version_names, version);
+ DBG3(DBG_CFG, "ike config match: %d (%s...%s %N)", match, my_addr,
+ other_addr, ike_version_names, current->get_version(current));
+
if (match)
{
- my_addr = current->get_my_addr(current);
- other_addr = current->get_other_addr(current);
DBG2(DBG_CFG, " candidate: %s...%s, prio %d",
my_addr, other_addr, match);
- if (match > best)
- {
- DESTROY_IF(found);
- found = current;
- found->get_ref(found);
- best = match;
- }
+
+ INIT(entry,
+ .match = match,
+ .cfg = current->get_ref(current),
+ );
+ insert_sorted_ike(entry, configs);
}
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
- if (found)
+
+ return configs;
+}
+
+METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*,
+ private_backend_manager_t *this, host_t *me, host_t *other,
+ ike_version_t version)
+{
+ linked_list_t *configs;
+ ike_match_entry_t *entry;
+ ike_cfg_t *found = NULL;
+ char *my_addr, *other_addr;
+
+ DBG2(DBG_CFG, "looking for an %N config for %H...%H", ike_version_names,
+ version, me, other);
+
+ configs = get_matching_ike_cfgs(this, me, other, version);
+ if (configs->get_first(configs, (void**)&entry) == SUCCESS)
{
+ found = entry->cfg->get_ref(entry->cfg);
+
my_addr = found->get_my_addr(found);
other_addr = found->get_other_addr(found);
DBG2(DBG_CFG, "found matching ike config: %s...%s with prio %d",
- my_addr, other_addr, best);
+ my_addr, other_addr, entry->match);
}
+ ike_match_entry_list_destroy(configs);
+
return found;
}
+METHOD(backend_manager_t, create_ike_cfg_enumerator, enumerator_t*,
+ private_backend_manager_t *this, host_t *me, host_t *other,
+ ike_version_t version)
+{
+ linked_list_t *configs;
+
+ DBG2(DBG_CFG, "looking for %N configs for %H...%H", ike_version_names,
+ version, me, other);
+
+ configs = get_matching_ike_cfgs(this, me, other, version);
+
+ return enumerator_create_filter(configs->create_enumerator(configs),
+ ike_enum_filter, configs,
+ ike_match_entry_list_destroy);
+}
+
/**
* Get the best ID match in one of the configs auth_cfg
*/
@@ -198,7 +299,7 @@ static id_match_t get_peer_match(identification_t *id,
if (!id)
{
- DBG3(DBG_CFG, "peer config match %s: %d (%N)",
+ DBG3(DBG_CFG, " %s id match: %d (%N)",
where, ID_MATCH_ANY, id_type_names, ID_ANY);
return ID_MATCH_ANY;
}
@@ -225,7 +326,7 @@ static id_match_t get_peer_match(identification_t *id,
enumerator->destroy(enumerator);
data = id->get_encoding(id);
- DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)",
+ DBG3(DBG_CFG, " %s id match: %d (%N: %#B)",
where, match, id_type_names, id->get_type(id), &data);
return match;
}
@@ -295,34 +396,26 @@ CALLBACK(peer_enum_filter_destroy, void,
}
/**
- * Insert entry into match-sorted list, using helper
+ * Insert entry into match-sorted list
*/
-static void insert_sorted(match_entry_t *entry, linked_list_t *list,
- linked_list_t *helper)
+static void insert_sorted(match_entry_t *entry, linked_list_t *list)
{
+ enumerator_t *enumerator;
match_entry_t *current;
- while (list->remove_first(list, (void**)&current) == SUCCESS)
- {
- helper->insert_last(helper, current);
- }
- while (helper->remove_first(helper, (void**)&current) == SUCCESS)
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &current))
{
- if (entry && (
- (entry->match_ike > current->match_ike &&
- entry->match_peer >= current->match_peer) ||
- (entry->match_ike >= current->match_ike &&
- entry->match_peer > current->match_peer)))
+ if ((entry->match_ike > current->match_ike &&
+ entry->match_peer >= current->match_peer) ||
+ (entry->match_ike >= current->match_ike &&
+ entry->match_peer > current->match_peer))
{
- list->insert_last(list, entry);
- entry = NULL;
+ break;
}
- list->insert_last(list, current);
- }
- if (entry)
- {
- list->insert_last(list, entry);
}
+ list->insert_before(list, enumerator, entry);
+ enumerator->destroy(enumerator);
}
METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
@@ -332,7 +425,7 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
enumerator_t *enumerator;
peer_data_t *data;
peer_cfg_t *cfg;
- linked_list_t *configs, *helper;
+ linked_list_t *configs;
INIT(data,
.lock = this->lock,
@@ -352,35 +445,46 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*,
}
configs = linked_list_create();
- /* only once allocated helper list for sorting */
- helper = linked_list_create();
while (enumerator->enumerate(enumerator, &cfg))
{
- id_match_t match_peer_me, match_peer_other;
+ ike_cfg_t *ike_cfg = cfg->get_ike_cfg(cfg);
ike_cfg_match_t match_ike;
+ id_match_t match_peer_me, match_peer_other;
match_entry_t *entry;
+ char *my_addr, *other_addr;
+
+ match_ike = get_ike_match(ike_cfg, me, other, version);
+ my_addr = ike_cfg->get_my_addr(ike_cfg);
+ other_addr = ike_cfg->get_other_addr(ike_cfg);
+ DBG3(DBG_CFG, "peer config \"%s\", ike match: %d (%s...%s %N)",
+ cfg->get_name(cfg), match_ike, my_addr, other_addr,
+ ike_version_names, ike_cfg->get_version(ike_cfg));
+
+ if (!match_ike)
+ {
+ continue;
+ }
match_peer_me = get_peer_match(my_id, cfg, TRUE);
+ if (!match_peer_me)
+ {
+ continue;
+ }
match_peer_other = get_peer_match(other_id, cfg, FALSE);
- match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other, version);
- DBG3(DBG_CFG, "ike config match: %d (%H %H %N)",
- match_ike, me, other, ike_version_names, version);
- if (match_peer_me && match_peer_other && match_ike)
+ if (match_peer_other)
{
DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)",
cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike);
-
INIT(entry,
.match_peer = match_peer_me + match_peer_other,
.match_ike = match_ike,
.cfg = cfg->get_ref(cfg),
);
- insert_sorted(entry, configs, helper);
+ insert_sorted(entry, configs);
}
}
enumerator->destroy(enumerator);
- helper->destroy(helper);
return enumerator_create_filter(configs->create_enumerator(configs),
peer_enum_filter, configs,
@@ -430,8 +534,7 @@ METHOD(backend_manager_t, destroy, void,
}
/*
- * Described in header-file
-
+ * Described in header
*/
backend_manager_t *backend_manager_create()
{
@@ -440,6 +543,7 @@ backend_manager_t *backend_manager_create()
INIT(this,
.public = {
.get_ike_cfg = _get_ike_cfg,
+ .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
.get_peer_cfg_by_name = _get_peer_cfg_by_name,
.create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
.add_backend = _add_backend,
diff --git a/src/libcharon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index 8ec79ce28..ada295f0d 100644
--- a/src/libcharon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -64,6 +65,20 @@ struct backend_manager_t {
ike_version_t version);
/**
+ * Create an enumerator over all matching IKE configs.
+ *
+ * Pass NULL as parameters to match any. The enumerator enumerates over
+ * ike_cfgs, ordered by priority (best match first).
+ *
+ * @param me local address
+ * @param other remote address
+ * @param version IKE version to get a config for
+ * @return enumerator over ike_cfg
+ */
+ enumerator_t* (*create_ike_cfg_enumerator)(backend_manager_t *this,
+ host_t *me, host_t *other, ike_version_t version);
+
+ /**
* Get a peer_config identified by it's name.
*
* @param name name of the peer_config
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index bc417f936..14148ed03 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -124,6 +124,16 @@ struct private_child_cfg_t {
mark_t mark_out;
/**
+ * Optional mark to set to packets after inbound processing
+ */
+ mark_t set_mark_in;
+
+ /**
+ * Optional mark to set to packets after outbound processing
+ */
+ mark_t set_mark_out;
+
+ /**
* Traffic Flow Confidentiality padding, if enabled
*/
uint32_t tfc;
@@ -147,6 +157,11 @@ struct private_child_cfg_t {
* HW offload mode
*/
hw_offload_t hw_offload;
+
+ /**
+ * DS header field copy mode
+ */
+ dscp_copy_t copy_dscp;
};
METHOD(child_cfg_t, get_name, char*,
@@ -254,7 +269,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
{
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
- DBG2(DBG_CFG, "selected proposal: %P", selected);
+ DBG1(DBG_CFG, "selected proposal: %P", selected);
break;
}
}
@@ -289,7 +304,7 @@ METHOD(child_cfg_t, add_traffic_selector, void,
METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
private_child_cfg_t *this, bool local, linked_list_t *supplied,
- linked_list_t *hosts)
+ linked_list_t *hosts, bool log)
{
enumerator_t *e1, *e2;
traffic_selector_t *ts1, *ts2, *selected;
@@ -334,13 +349,19 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
}
e1->destroy(e1);
- DBG2(DBG_CFG, "%s traffic selectors for %s:",
- supplied ? "selecting" : "proposing", local ? "us" : "other");
- if (supplied == NULL)
+ if (log)
+ {
+ DBG2(DBG_CFG, "%s traffic selectors for %s:",
+ supplied ? "selecting" : "proposing", local ? "us" : "other");
+ }
+ if (!supplied)
{
while (derived->remove_first(derived, (void**)&ts1) == SUCCESS)
{
- DBG2(DBG_CFG, " %R", ts1);
+ if (log)
+ {
+ DBG2(DBG_CFG, " %R", ts1);
+ }
result->insert_last(result, ts1);
}
derived->destroy(derived);
@@ -358,11 +379,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*,
selected = ts1->get_subset(ts1, ts2);
if (selected)
{
- DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
- ts1, ts2, selected);
+ if (log)
+ {
+ DBG2(DBG_CFG, " config: %R, received: %R => match: %R",
+ ts1, ts2, selected);
+ }
result->insert_last(result, selected);
}
- else
+ else if (log)
{
DBG2(DBG_CFG, " config: %R, received: %R => no match",
ts1, ts2);
@@ -478,6 +502,12 @@ METHOD(child_cfg_t, get_hw_offload, hw_offload_t,
return this->hw_offload;
}
+METHOD(child_cfg_t, get_copy_dscp, dscp_copy_t,
+ private_child_cfg_t *this)
+{
+ return this->copy_dscp;
+}
+
METHOD(child_cfg_t, get_dpd_action, action_t,
private_child_cfg_t *this)
{
@@ -527,6 +557,12 @@ METHOD(child_cfg_t, get_mark, mark_t,
return inbound ? this->mark_in : this->mark_out;
}
+METHOD(child_cfg_t, get_set_mark, mark_t,
+ private_child_cfg_t *this, bool inbound)
+{
+ return inbound ? this->set_mark_in : this->set_mark_out;
+}
+
METHOD(child_cfg_t, get_tfc, uint32_t,
private_child_cfg_t *this)
{
@@ -600,9 +636,15 @@ METHOD(child_cfg_t, equals, bool,
this->mark_in.mask == other->mark_in.mask &&
this->mark_out.value == other->mark_out.value &&
this->mark_out.mask == other->mark_out.mask &&
+ this->set_mark_in.value == other->set_mark_in.value &&
+ this->set_mark_in.mask == other->set_mark_in.mask &&
+ this->set_mark_out.value == other->set_mark_out.value &&
+ this->set_mark_out.mask == other->set_mark_out.mask &&
this->tfc == other->tfc &&
this->manual_prio == other->manual_prio &&
this->replay_window == other->replay_window &&
+ this->hw_offload == other->hw_offload &&
+ this->copy_dscp == other->copy_dscp &&
streq(this->updown, other->updown) &&
streq(this->interface, other->interface);
}
@@ -654,6 +696,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.get_inactivity = _get_inactivity,
.get_reqid = _get_reqid,
.get_mark = _get_mark,
+ .get_set_mark = _get_set_mark,
.get_tfc = _get_tfc,
.get_manual_prio = _get_manual_prio,
.get_interface = _get_interface,
@@ -664,6 +707,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.get_ref = _get_ref,
.destroy = _destroy,
.get_hw_offload = _get_hw_offload,
+ .get_copy_dscp = _get_copy_dscp,
},
.name = strdup(name),
.options = data->options,
@@ -675,6 +719,8 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.close_action = data->close_action,
.mark_in = data->mark_in,
.mark_out = data->mark_out,
+ .set_mark_in = data->set_mark_in,
+ .set_mark_out = data->set_mark_out,
.lifetime = data->lifetime,
.inactivity = data->inactivity,
.tfc = data->tfc,
@@ -687,6 +733,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
.replay_window = lib->settings->get_int(lib->settings,
"%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
.hw_offload = data->hw_offload,
+ .copy_dscp = data->copy_dscp,
);
return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index d566da3ec..e3b59e656 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2016 Andreas Steffen
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -135,11 +135,13 @@ struct child_cfg_t {
* @param local TRUE for TS on local side, FALSE for remote
* @param supplied list with TS to select from, or NULL
* @param hosts addresses to use for narrowing "dynamic" TS', host_t
+ * @param log FALSE to avoid logging details about the selection
* @return list containing the traffic selectors
*/
linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local,
linked_list_t *supplied,
- linked_list_t *hosts);
+ linked_list_t *hosts, bool log);
+
/**
* Get the updown script to run for the CHILD_SA.
*
@@ -190,6 +192,13 @@ struct child_cfg_t {
hw_offload_t (*get_hw_offload) (child_cfg_t *this);
/**
+ * Get the copy mode for the DS header field to use for the CHILD_SA.
+ *
+ * @return IP header copy mode
+ */
+ dscp_copy_t (*get_copy_dscp) (child_cfg_t *this);
+
+ /**
* Action to take if CHILD_SA gets closed.
*
* @return close action
@@ -218,7 +227,7 @@ struct child_cfg_t {
uint32_t (*get_reqid)(child_cfg_t *this);
/**
- * Optional mark for CHILD_SA.
+ * Optional mark to set on policies/SAs.
*
* @param inbound TRUE for inbound, FALSE for outbound
* @return mark
@@ -226,6 +235,14 @@ struct child_cfg_t {
mark_t (*get_mark)(child_cfg_t *this, bool inbound);
/**
+ * Optional mark the SAs should apply after processing packets.
+ *
+ * @param inbound TRUE for inbound, FALSE for outbound
+ * @return mark
+ */
+ mark_t (*get_set_mark)(child_cfg_t *this, bool inbound);
+
+ /**
* Get the TFC padding value to use for CHILD_SA.
*
* @return TFC padding, 0 to disable, -1 for MTU
@@ -317,6 +334,12 @@ enum child_cfg_option_t {
/** Set mark on inbound SAs */
OPT_MARK_IN_SA = (1<<6),
+
+ /** Disable copying the DF bit to the outer IPv4 header in tunnel mode */
+ OPT_NO_COPY_DF = (1<<7),
+
+ /** Disable copying the ECN header field in tunnel mode */
+ OPT_NO_COPY_ECN = (1<<8),
};
/**
@@ -331,6 +354,10 @@ struct child_cfg_create_t {
mark_t mark_in;
/** Optional outbound mark */
mark_t mark_out;
+ /** Optional inbound mark the SA should apply to traffic */
+ mark_t set_mark_in;
+ /** Optional outbound mark the SA should apply to traffic */
+ mark_t set_mark_out;
/** Mode to propose for CHILD_SA */
ipsec_mode_t mode;
/** TFC padding size, 0 to disable, -1 to pad to PMTU */
@@ -353,6 +380,8 @@ struct child_cfg_create_t {
char *updown;
/** HW offload mode */
hw_offload_t hw_offload;
+ /** How to handle the DS header field in tunnel mode */
+ dscp_copy_t copy_dscp;
};
/**
diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c
index a73a5b5e2..357c4a73b 100644
--- a/src/libcharon/config/ike_cfg.c
+++ b/src/libcharon/config/ike_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -309,6 +309,25 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*,
return proposals;
}
+METHOD(ike_cfg_t, has_proposal, bool,
+ private_ike_cfg_t *this, proposal_t *match, bool private)
+{
+ enumerator_t *enumerator;
+ proposal_t *proposal;
+
+ enumerator = this->proposals->create_enumerator(this->proposals);
+ while (enumerator->enumerate(enumerator, &proposal))
+ {
+ if (proposal->matches(proposal, match, private))
+ {
+ enumerator->destroy(enumerator);
+ return TRUE;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return FALSE;
+}
+
METHOD(ike_cfg_t, select_proposal, proposal_t*,
private_ike_cfg_t *this, linked_list_t *proposals, bool private,
bool prefer_self)
@@ -344,7 +363,7 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*,
{
DBG2(DBG_CFG, "received proposals: %#P", proposals);
DBG2(DBG_CFG, "configured proposals: %#P", this->proposals);
- DBG2(DBG_CFG, "selected proposal: %P", selected);
+ DBG1(DBG_CFG, "selected proposal: %P", selected);
break;
}
}
@@ -618,6 +637,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
.add_proposal = _add_proposal,
.get_proposals = _get_proposals,
.select_proposal = _select_proposal,
+ .has_proposal = _has_proposal,
.get_dh_group = _get_dh_group,
.equals = _equals,
.get_ref = _get_ref,
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index ac2deef70..49690c892 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -180,6 +180,15 @@ struct ike_cfg_t {
bool private, bool prefer_self);
/**
+ * Check if the config has a matching proposal.
+ *
+ * @param match proposal to check
+ * @param private accept algorithms from a private range
+ * @return TRUE if a matching proposal is contained
+ */
+ bool(*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);
+
+ /**
* Should we send a certificate request in IKE_SA_INIT?
*
* @return certificate request sending policy
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 29f067858..e7dfb5f62 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -126,12 +126,12 @@ struct private_peer_cfg_t {
uint32_t over_time;
/**
- * DPD check intervall
+ * DPD check interval
*/
uint32_t dpd;
/**
- * DPD timeout intervall (used for IKEv1 only)
+ * DPD timeout interval (used for IKEv1 only)
*/
uint32_t dpd_timeout;
@@ -155,6 +155,16 @@ struct private_peer_cfg_t {
*/
linked_list_t *remote_auth;
+ /**
+ * PPK ID
+ */
+ identification_t *ppk_id;
+
+ /**
+ * Whether a PPK is required
+ */
+ bool ppk_required;
+
#ifdef ME
/**
* Is this a mediation connection?
@@ -258,48 +268,44 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*,
private_peer_cfg_t *this, peer_cfg_t *other_pub)
{
private_peer_cfg_t *other = (private_peer_cfg_t*)other_pub;
- linked_list_t *removed, *added;
+ linked_list_t *new_cfgs, *removed, *added;
enumerator_t *mine, *others;
child_cfg_t *my_cfg, *other_cfg;
child_cfgs_replace_enumerator_t *enumerator;
bool found;
- removed = linked_list_create();
+ added = linked_list_create();
other->lock->read_lock(other->lock);
- added = linked_list_create_from_enumerator(
+ new_cfgs = linked_list_create_from_enumerator(
other->child_cfgs->create_enumerator(other->child_cfgs));
- added->invoke_offset(added, offsetof(child_cfg_t, get_ref));
+ new_cfgs->invoke_offset(new_cfgs, offsetof(child_cfg_t, get_ref));
other->lock->unlock(other->lock);
this->lock->write_lock(this->lock);
- others = added->create_enumerator(added);
- mine = this->child_cfgs->create_enumerator(this->child_cfgs);
- while (mine->enumerate(mine, &my_cfg))
+ removed = this->child_cfgs;
+ this->child_cfgs = new_cfgs;
+ others = new_cfgs->create_enumerator(new_cfgs);
+ mine = removed->create_enumerator(removed);
+ while (others->enumerate(others, &other_cfg))
{
found = FALSE;
- while (others->enumerate(others, &other_cfg))
+ while (mine->enumerate(mine, &my_cfg))
{
if (my_cfg->equals(my_cfg, other_cfg))
{
- added->remove_at(added, others);
- other_cfg->destroy(other_cfg);
+ removed->remove_at(removed, mine);
+ my_cfg->destroy(my_cfg);
found = TRUE;
break;
}
}
- added->reset_enumerator(added, others);
+ removed->reset_enumerator(removed, mine);
if (!found)
{
- this->child_cfgs->remove_at(this->child_cfgs, mine);
- removed->insert_last(removed, my_cfg);
+ added->insert_last(added, other_cfg->get_ref(other_cfg));
}
}
- while (others->enumerate(others, &other_cfg))
- {
- this->child_cfgs->insert_last(this->child_cfgs,
- other_cfg->get_ref(other_cfg));
- }
others->destroy(others);
mine->destroy(mine);
this->lock->unlock(this->lock);
@@ -379,7 +385,7 @@ static int get_ts_match(child_cfg_t *cfg, bool local,
int match = 0, round;
/* fetch configured TS list, narrowing dynamic TS */
- cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts);
+ cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, TRUE);
/* use a round counter to rate leading TS with higher priority */
round = sup_list->get_count(sup_list);
@@ -581,6 +587,18 @@ METHOD(peer_cfg_t, create_auth_cfg_enumerator, enumerator_t*,
return this->remote_auth->create_enumerator(this->remote_auth);
}
+METHOD(peer_cfg_t, get_ppk_id, identification_t*,
+ private_peer_cfg_t *this)
+{
+ return this->ppk_id;
+}
+
+METHOD(peer_cfg_t, ppk_required, bool,
+ private_peer_cfg_t *this)
+{
+ return this->ppk_required;
+}
+
#ifdef ME
METHOD(peer_cfg_t, is_mediation, bool,
private_peer_cfg_t *this)
@@ -655,6 +673,14 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other)
return equal;
}
+/**
+ * Check if two identities are equal, or both are not set
+ */
+static bool id_equal(identification_t *this, identification_t *other)
+{
+ return this == other || (this && other && this->equals(this, other));
+}
+
METHOD(peer_cfg_t, equals, bool,
private_peer_cfg_t *this, private_peer_cfg_t *other)
{
@@ -688,13 +714,13 @@ METHOD(peer_cfg_t, equals, bool,
this->dpd == other->dpd &&
this->aggressive == other->aggressive &&
this->pull_mode == other->pull_mode &&
- auth_cfg_equal(this, other)
+ auth_cfg_equal(this, other) &&
+ this->ppk_required == other->ppk_required &&
+ id_equal(this->ppk_id, other->ppk_id)
#ifdef ME
&& this->mediation == other->mediation &&
streq(this->mediated_by, other->mediated_by) &&
- (this->peer_id == other->peer_id ||
- (this->peer_id && other->peer_id &&
- this->peer_id->equals(this->peer_id, other->peer_id)))
+ id_equal(this->peer_id, other->peer_id)
#endif /* ME */
);
}
@@ -724,6 +750,7 @@ METHOD(peer_cfg_t, destroy, void,
DESTROY_IF(this->peer_id);
free(this->mediated_by);
#endif /* ME */
+ DESTROY_IF(this->ppk_id);
this->lock->destroy(this->lock);
free(this->name);
free(this);
@@ -778,6 +805,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
.create_pool_enumerator = _create_pool_enumerator,
.add_auth_cfg = _add_auth_cfg,
.create_auth_cfg_enumerator = _create_auth_cfg_enumerator,
+ .get_ppk_id = _get_ppk_id,
+ .ppk_required = _ppk_required,
.equals = (void*)_equals,
.get_ref = _get_ref,
.destroy = _destroy,
@@ -803,6 +832,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg,
.pull_mode = !data->push_mode,
.dpd = data->dpd,
.dpd_timeout = data->dpd_timeout,
+ .ppk_id = data->ppk_id,
+ .ppk_required = data->ppk_required,
.vips = linked_list_create(),
.pools = linked_list_create(),
.local_auth = linked_list_create(),
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 6074a7cd4..49c4d1492 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -157,11 +157,9 @@ struct peer_cfg_t {
/**
* Replace the CHILD configs with those in the given PEER config.
*
- * Configs that are equal are not replaced.
- *
* The enumerator enumerates the removed and added CHILD configs
* (child_cfg_t*, bool), where the flag is FALSE for removed configs and
- * TRUE for added configs.
+ * TRUE for added configs. Configs that are equal are not enumerated.
*
* @param other other config to get CHILD configs from
* @return an enumerator over removed/added CHILD configs
@@ -313,6 +311,20 @@ struct peer_cfg_t {
*/
enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this);
+ /**
+ * Get the PPK ID to use with this peer.
+ *
+ * @return PPK id
+ */
+ identification_t *(*get_ppk_id)(peer_cfg_t *this);
+
+ /**
+ * Whether a PPK is required with this peer.
+ *
+ * @return TRUE, if a PPK is required
+ */
+ bool (*ppk_required)(peer_cfg_t *this);
+
#ifdef ME
/**
* Is this a mediation connection?
@@ -395,6 +407,10 @@ struct peer_cfg_create_t {
uint32_t dpd;
/** DPD timeout interval (IKEv1 only), if 0 default applies */
uint32_t dpd_timeout;
+ /** Postquantum Preshared Key ID (adopted) */
+ identification_t *ppk_id;
+ /** TRUE if a PPK is required, FALSE if it's optional */
+ bool ppk_required;
#ifdef ME
/** TRUE if this is a mediation connection */
bool mediation;
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index e4b819710..d2f3afdd3 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -480,25 +480,27 @@ static void load_sys_logger(private_daemon_t *this, char *facility,
/**
* Load the given file logger configured in strongswan.conf
*/
-static void load_file_logger(private_daemon_t *this, char *filename,
+static void load_file_logger(private_daemon_t *this, char *section,
linked_list_t *current_loggers)
{
file_logger_t *file_logger;
debug_t group;
level_t def;
bool add_ms, ike_name, flush_line, append;
- char *time_format;
+ char *time_format, *filename;
time_format = lib->settings->get_str(lib->settings,
- "%s.filelog.%s.time_format", NULL, lib->ns, filename);
+ "%s.filelog.%s.time_format", NULL, lib->ns, section);
add_ms = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename);
+ "%s.filelog.%s.time_add_ms", FALSE, lib->ns, section);
ike_name = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.ike_name", FALSE, lib->ns, filename);
+ "%s.filelog.%s.ike_name", FALSE, lib->ns, section);
flush_line = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.flush_line", FALSE, lib->ns, filename);
+ "%s.filelog.%s.flush_line", FALSE, lib->ns, section);
append = lib->settings->get_bool(lib->settings,
- "%s.filelog.%s.append", TRUE, lib->ns, filename);
+ "%s.filelog.%s.append", TRUE, lib->ns, section);
+ filename = lib->settings->get_str(lib->settings,
+ "%s.filelog.%s.path", section, lib->ns, section);
file_logger = add_file_logger(this, filename, current_loggers);
if (!file_logger)
@@ -510,12 +512,12 @@ static void load_file_logger(private_daemon_t *this, char *filename,
file_logger->open(file_logger, flush_line, append);
def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1,
- lib->ns, filename);
+ lib->ns, section);
for (group = 0; group < DBG_MAX; group++)
{
file_logger->set_level(file_logger, group,
lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def,
- lib->ns, filename, debug_lower_names, group));
+ lib->ns, section, debug_lower_names, group));
}
charon->bus->add_logger(charon->bus, &file_logger->logger);
}
@@ -545,6 +547,10 @@ static void load_custom_logger(private_daemon_t *this,
lib->settings->get_int(lib->settings, "%s.customlog.%s.%N", def,
lib->ns, entry->name, debug_lower_names, group));
}
+ if (custom_logger->reload)
+ {
+ custom_logger->reload(custom_logger);
+ }
charon->bus->add_logger(charon->bus, &custom_logger->logger);
}
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 1b8cd76f4..b72a2bf2d 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2014 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2006 Daniel Roethlisberger
@@ -2095,8 +2095,8 @@ METHOD(message_t, fragment, status_t,
count = data.len / frag_len + (data.len % frag_len ? 1 : 0);
this->fragments = array_create(0, count);
- DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into "
- "%hu fragments", len, count);
+ DBG1(DBG_ENC, "splitting IKE message (%zu bytes) into %hu fragments", len,
+ count);
for (num = 1; num <= count; num++)
{
len = min(data.len, frag_len);
@@ -2821,11 +2821,11 @@ METHOD(message_t, add_fragment_v1, status_t,
return NEED_MORE;
}
- DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE "
- "message", num);
-
data = merge_fragments(this, message);
this->packet->set_data(this->packet, data);
+ DBG1(DBG_ENC, "received fragment #%hhu, reassembled fragmented IKE "
+ "message (%zu bytes)", num, data.len);
+
this->parser = parser_create(data);
if (parse_header(this) != SUCCESS)
@@ -2842,9 +2842,11 @@ METHOD(message_t, add_fragment_v2, status_t,
encrypted_fragment_payload_t *encrypted_fragment;
encrypted_payload_t *encrypted;
payload_t *payload;
+ aead_t *aead;
enumerator_t *enumerator;
chunk_t data;
uint16_t total, num;
+ size_t len;
status_t status;
if (!this->frag)
@@ -2904,15 +2906,30 @@ METHOD(message_t, add_fragment_v2, status_t,
return NEED_MORE;
}
- DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE "
- "message", num, total);
+ encrypted = (encrypted_payload_t*)encrypted_fragment;
+ aead = encrypted->get_transform(encrypted);
data = merge_fragments(this, message);
+
encrypted = encrypted_payload_create_from_plain(this->first_payload, data);
+ encrypted->set_transform(encrypted, aead);
this->payloads->insert_last(this->payloads, encrypted);
/* update next payload type (could be an unencrypted payload) */
this->payloads->get_first(this->payloads, (void**)&payload);
this->first_payload = payload->get_type(payload);
+
+ /* we report the length of the complete IKE message when splitting, do the
+ * same here, so add the IKEv2 header len to the reassembled payload data */
+ len = 28;
+ enumerator = create_payload_enumerator(this);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ len += payload->get_length(payload);
+ }
+ enumerator->destroy(enumerator);
+
+ DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembled fragmented IKE "
+ "message (%zu bytes)", num, total, len);
return SUCCESS;
}
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index 4f4b1d1d6..ba56ace55 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2014 Tobias Brunner
+ * Copyright (C) 2011-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -326,6 +326,21 @@ METHOD2(payload_t, encrypted_payload_t, get_length, size_t,
return this->payload_length;
}
+METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t,
+ private_encrypted_payload_t *this)
+{
+ /* contains only the decrypted payload data, no IV, padding or ICV */
+ this->payload_length = this->encrypted.len;
+
+ if (this->aead)
+ {
+ this->payload_length += compute_overhead(this->aead,
+ this->payload_length);
+ }
+ this->payload_length += get_header_length(this);
+ return this->payload_length;
+}
+
METHOD(encrypted_payload_t, add_payload, void,
private_encrypted_payload_t *this, payload_t *payload)
{
@@ -727,6 +742,12 @@ METHOD(encrypted_payload_t, set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, get_transform, aead_t*,
+ private_encrypted_payload_t *this)
+{
+ return this->aead;
+}
+
METHOD2(payload_t, encrypted_payload_t, destroy, void,
private_encrypted_payload_t *this)
{
@@ -759,6 +780,7 @@ encrypted_payload_t *encrypted_payload_create(payload_type_t type)
.remove_payload = _remove_payload,
.generate_payloads = _generate_payloads,
.set_transform = _set_transform,
+ .get_transform = _get_transform,
.encrypt = _encrypt,
.decrypt = _decrypt,
.destroy = _destroy,
@@ -787,10 +809,11 @@ encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next,
private_encrypted_payload_t *this;
this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED);
+ this->public.payload_interface.get_length = _get_length_plain;
+ this->public.get_length = _get_length_plain;
this->public.decrypt = _decrypt_plain;
this->next_payload = next;
this->encrypted = plain;
- compute_length(this);
return &this->public;
}
@@ -899,6 +922,12 @@ METHOD(encrypted_payload_t, frag_set_transform, void,
this->aead = aead;
}
+METHOD(encrypted_payload_t, frag_get_transform, aead_t*,
+ private_encrypted_fragment_payload_t *this)
+{
+ return this->aead;
+}
+
/**
* Append the encrypted fragment payload header to the associated data
*/
@@ -996,6 +1025,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create()
.remove_payload = (void*)return_null,
.generate_payloads = nop,
.set_transform = _frag_set_transform,
+ .get_transform = _frag_get_transform,
.encrypt = _frag_encrypt,
.decrypt = _frag_decrypt,
.destroy = _frag_destroy,
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h
index 72a256553..be7a24f43 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.h
+++ b/src/libcharon/encoding/payloads/encrypted_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
* Copyright (C) 2005 Jan Hutter
@@ -74,9 +74,16 @@ struct encrypted_payload_t {
/**
* Set the AEAD transform to use.
*
- * @param aead aead transform to use
+ * @param aead aead transform to use
*/
- void (*set_transform) (encrypted_payload_t *this, aead_t *aead);
+ void (*set_transform)(encrypted_payload_t *this, aead_t *aead);
+
+ /**
+ * Get the AEAD transform that to use (or was used).
+ *
+ * @param aead aead transform to use (or was used)
+ */
+ aead_t *(*get_transform)(encrypted_payload_t *this);
/**
* Generate, encrypt and sign contained payloads.
diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c
index 0c6f010b5..a69db9357 100644
--- a/src/libcharon/encoding/payloads/notify_payload.c
+++ b/src/libcharon/encoding/payloads/notify_payload.c
@@ -1,7 +1,7 @@
/*
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2005-2010 Martin Willi
* Copyright (C) 2010 revosec AG
- * Copyright (C) 2006-2008 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -114,7 +114,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, MS_NOTI
"SENDER_REQUEST_ID",
"FRAGMENTATION_SUPPORTED",
"SIGNATURE_HASH_ALGORITHMS");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_IDENTITY",
+ "NO_PPK_AUTH");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD_R_U_THERE",
@@ -224,7 +228,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, M
"SENDER_REQ_ID",
"FRAG_SUP",
"HASH_ALG");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_short_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_ID",
+ "NO_PPK");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
"INITIAL_CONTACT");
ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
"DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 39e4c915b..b0cf69d02 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -153,6 +153,12 @@ enum notify_type_t {
FRAGMENTATION_SUPPORTED = 16430,
/* Signature Hash Algorithms, RFC 7427 */
SIGNATURE_HASH_ALGORITHMS = 16431,
+ /* Use Postquantum Preshared Key (draft-ietf-ipsecme-qr-ikev2) */
+ USE_PPK = 16435,
+ /* Postquantum Preshared Key Identity (draft-ietf-ipsecme-qr-ikev2) */
+ PPK_IDENTITY = 16436,
+ /* No Postquantum Preshared Key Auth (draft-ietf-ipsecme-qr-ikev2) */
+ NO_PPK_AUTH = 16437,
/* IKEv1 initial contact */
INITIAL_CONTACT_IKEV1 = 24578,
/* IKEv1 DPD */
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 94b9c284b..4158eb45e 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2016 Andreas Steffen
- * Copyright (C) 2006-2016 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -93,8 +93,16 @@ struct kernel_ipsec_add_sa_t {
bool encap;
/** no (disabled), yes (enabled), auto (enabled if supported) */
hw_offload_t hw_offload;
+ /** Mark the SA should apply to packets after processing */
+ mark_t mark;
/** TRUE to use Extended Sequence Numbers */
bool esn;
+ /** TRUE to copy the DF bit to the outer IPv4 header in tunnel mode */
+ bool copy_df;
+ /** TRUE to copy the ECN header field to/from the outer header */
+ bool copy_ecn;
+ /** Whether to copy the DSCP header field to/from the outer header */
+ dscp_copy_t copy_dscp;
/** TRUE if initiator of the exchange creating the SA */
bool initiator;
/** TRUE if this is an inbound SA */
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 4c72b5609..acdba345c 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -646,13 +646,13 @@ receiver_t *receiver_create()
this->receive_delay = lib->settings->get_int(lib->settings,
"%s.receive_delay", 0, lib->ns);
this->receive_delay_type = lib->settings->get_int(lib->settings,
- "%s.receive_delay_type", 0, lib->ns),
+ "%s.receive_delay_type", 0, lib->ns);
this->receive_delay_request = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_request", TRUE, lib->ns),
+ "%s.receive_delay_request", TRUE, lib->ns);
this->receive_delay_response = lib->settings->get_bool(lib->settings,
- "%s.receive_delay_response", TRUE, lib->ns),
+ "%s.receive_delay_response", TRUE, lib->ns);
this->initiator_only = lib->settings->get_bool(lib->settings,
- "%s.initiator_only", FALSE, lib->ns),
+ "%s.initiator_only", FALSE, lib->ns);
this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!this->hasher)
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in
index 62ce323d0..c16899048 100644
--- a/src/libcharon/plugins/addrblock/Makefile.in
+++ b/src/libcharon/plugins/addrblock/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in
index bba9591ec..4cecc1431 100644
--- a/src/libcharon/plugins/android_dns/Makefile.in
+++ b/src/libcharon/plugins/android_dns/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in
index 0a5c7ec8d..5d0c826f5 100644
--- a/src/libcharon/plugins/android_log/Makefile.in
+++ b/src/libcharon/plugins/android_log/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in
index 2e7170472..af810b959 100644
--- a/src/libcharon/plugins/attr/Makefile.in
+++ b/src/libcharon/plugins/attr/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in
index b8b9885f2..cc2c22ddc 100644
--- a/src/libcharon/plugins/attr_sql/Makefile.in
+++ b/src/libcharon/plugins/attr_sql/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in
index f882f6bc0..84b3bb3b2 100644
--- a/src/libcharon/plugins/bypass_lan/Makefile.in
+++ b/src/libcharon/plugins/bypass_lan/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in
index cbfb07597..f057d25c2 100644
--- a/src/libcharon/plugins/certexpire/Makefile.in
+++ b/src/libcharon/plugins/certexpire/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in
index 6f0a2bddf..b88af5a24 100644
--- a/src/libcharon/plugins/connmark/Makefile.in
+++ b/src/libcharon/plugins/connmark/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/counters/Makefile.in b/src/libcharon/plugins/counters/Makefile.in
index 491ba80b3..e58c467bf 100644
--- a/src/libcharon/plugins/counters/Makefile.in
+++ b/src/libcharon/plugins/counters/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in
index 5859a21ee..1d9a7cbc7 100644
--- a/src/libcharon/plugins/coupling/Makefile.in
+++ b/src/libcharon/plugins/coupling/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in
index f8e2d7398..5975ea98b 100644
--- a/src/libcharon/plugins/dhcp/Makefile.in
+++ b/src/libcharon/plugins/dhcp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index c26fcc920..1e208d094 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create()
destroy(this);
return NULL;
}
- if (!is_broadcast(this->dst))
+ if (!is_broadcast(this->dst) &&
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.dhcp.use_server_port", FALSE,
+ lib->ns))
{
/* when setting giaddr (which we do when we don't broadcast), the server
* should respond to the server port on that IP, according to RFC 2131,
@@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create()
* kernel will respond with an ICMP port unreachable if there is no
* socket bound to that port, which might be problematic with certain
* DHCP servers. instead of opening an additional socket, that we don't
- * actually use, we can also just send our requests from port 67 */
+ * actually use, we can also just send our requests from port 67.
+ * we don't do this by default, as it might cause conflicts with DHCP
+ * servers running on the same host */
src.sin_port = htons(DHCP_SERVER_PORT);
}
if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index d0a4d7fc3..d9f80a7ba 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in
index 9be0c495b..93ed6609a 100644
--- a/src/libcharon/plugins/duplicheck/Makefile.in
+++ b/src/libcharon/plugins/duplicheck/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in
index dd66b65b7..202051fdd 100644
--- a/src/libcharon/plugins/eap_aka/Makefile.in
+++ b/src/libcharon/plugins/eap_aka/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
index d8515c05b..8aef51cef 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
index 65b86199c..5c45477ad 100644
--- a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
index f5fc3fb48..b60fbd03b 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
+++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in
index 494f0a8c5..0ebde2034 100644
--- a/src/libcharon/plugins/eap_dynamic/Makefile.in
+++ b/src/libcharon/plugins/eap_dynamic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in
index 4dc68f94f..f8b9580e8 100644
--- a/src/libcharon/plugins/eap_gtc/Makefile.in
+++ b/src/libcharon/plugins/eap_gtc/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in
index 44f097ef4..405660c8c 100644
--- a/src/libcharon/plugins/eap_identity/Makefile.in
+++ b/src/libcharon/plugins/eap_identity/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in
index 3c634db82..5e6da5e1b 100644
--- a/src/libcharon/plugins/eap_md5/Makefile.in
+++ b/src/libcharon/plugins/eap_md5/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in
index 505d6ea52..9ac83b0eb 100644
--- a/src/libcharon/plugins/eap_mschapv2/Makefile.in
+++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in
index 20f2ecab1..e3d498c5b 100644
--- a/src/libcharon/plugins/eap_peap/Makefile.in
+++ b/src/libcharon/plugins/eap_peap/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in
index f5100fc53..832c7d0dd 100644
--- a/src/libcharon/plugins/eap_radius/Makefile.in
+++ b/src/libcharon/plugins/eap_radius/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in
index ae25d21c2..2996eaa8a 100644
--- a/src/libcharon/plugins/eap_sim/Makefile.in
+++ b/src/libcharon/plugins/eap_sim/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in
index a02cbbd23..3792f24aa 100644
--- a/src/libcharon/plugins/eap_sim_file/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_file/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
index d9cfda351..3992a0f19 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
+++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
index dbf660889..141b123ae 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
+++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
@@ -124,6 +124,7 @@ METHOD(simaka_card_t, get_triplet, bool,
if (rv != SCARD_S_SUCCESS)
{
DBG1(DBG_IKE, "SCardListReaders: %s", pcsc_stringify_error(rv));
+ free(mszReaders);
return FALSE;
}
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 9f56b01da..8bc917d2a 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
index 9e41bf270..9a3aeb813 100644
--- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
index 0f6b7e95a..3f4b66735 100644
--- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in
index 83726b645..a5c69c5fb 100644
--- a/src/libcharon/plugins/eap_tls/Makefile.in
+++ b/src/libcharon/plugins/eap_tls/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in
index 1047ea0e0..f979c523a 100644
--- a/src/libcharon/plugins/eap_tnc/Makefile.in
+++ b/src/libcharon/plugins/eap_tnc/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index 1a779c60b..135d5e1b1 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in
index 7439befbc..66b7cad89 100644
--- a/src/libcharon/plugins/error_notify/Makefile.in
+++ b/src/libcharon/plugins/error_notify/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in
index d669b5707..f7904fdde 100644
--- a/src/libcharon/plugins/ext_auth/Makefile.in
+++ b/src/libcharon/plugins/ext_auth/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in
index dc07f34c1..752fba7e6 100644
--- a/src/libcharon/plugins/farp/Makefile.in
+++ b/src/libcharon/plugins/farp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in
index f89ed736d..7e2f2a3c3 100644
--- a/src/libcharon/plugins/forecast/Makefile.in
+++ b/src/libcharon/plugins/forecast/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in
index 455108834..05093df22 100644
--- a/src/libcharon/plugins/ha/Makefile.in
+++ b/src/libcharon/plugins/ha/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index 7fdcfef28..20cf04844 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -240,7 +240,7 @@ static void enable_disable(private_ha_kernel_t *this, u_int segment,
}
/**
- * Get the currenlty active segments in the kernel for a clusterip file
+ * Get the currently active segments in the kernel for a clusterip file
*/
static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
{
diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in
index b212e2e33..74b3729c7 100644
--- a/src/libcharon/plugins/ipseckey/Makefile.in
+++ b/src/libcharon/plugins/ipseckey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in
index cc4450a95..fa8b093ca 100644
--- a/src/libcharon/plugins/kernel_iph/Makefile.in
+++ b/src/libcharon/plugins/kernel_iph/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in
index 09c03ed33..478d53dba 100644
--- a/src/libcharon/plugins/kernel_libipsec/Makefile.in
+++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in
index 7ec64084b..b6b3af6d5 100644
--- a/src/libcharon/plugins/kernel_netlink/Makefile.in
+++ b/src/libcharon/plugins/kernel_netlink/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
index 4926c3de8..1292e0895 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -1131,7 +1131,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this,
static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd,
watcher_event_t event)
{
- char response[1024];
+ char response[netlink_get_buflen()];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
@@ -1336,6 +1336,23 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark)
}
/**
+ * Add a uint32 attribute to message
+ */
+static bool add_uint32(struct nlmsghdr *hdr, int buflen,
+ enum xfrm_attr_type_t type, uint32_t value)
+{
+ uint32_t *xvalue;
+
+ xvalue = netlink_reserve(hdr, buflen, type, sizeof(*xvalue));
+ if (!xvalue)
+ {
+ return FALSE;
+ }
+ *xvalue = value;
+ return TRUE;
+}
+
+/**
* Check if kernel supports HW offload
*/
static void netlink_find_offload_feature(const char *ifname, int query_socket)
@@ -1586,6 +1603,49 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
sa->id.proto = id->proto;
sa->family = id->src->get_family(id->src);
sa->mode = mode2kernel(mode);
+
+ if (!data->copy_df)
+ {
+ sa->flags |= XFRM_STATE_NOPMTUDISC;
+ }
+
+ if (!data->copy_ecn)
+ {
+ sa->flags |= XFRM_STATE_NOECN;
+ }
+
+ if (data->inbound)
+ {
+ switch (data->copy_dscp)
+ {
+ case DSCP_COPY_YES:
+ case DSCP_COPY_IN_ONLY:
+ sa->flags |= XFRM_STATE_DECAP_DSCP;
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ switch (data->copy_dscp)
+ {
+ case DSCP_COPY_IN_ONLY:
+ case DSCP_COPY_NO:
+ {
+ /* currently the only extra flag */
+ if (!add_uint32(hdr, sizeof(request), XFRMA_SA_EXTRA_FLAGS,
+ XFRM_SA_XFLAG_DONT_ENCAP_DSCP))
+ {
+ goto failed;
+ }
+ break;
+ }
+ default:
+ break;
+ }
+ }
+
switch (mode)
{
case MODE_TUNNEL:
@@ -1829,17 +1889,23 @@ METHOD(kernel_ipsec_t, add_sa, status_t,
goto failed;
}
+ if (ipcomp == IPCOMP_NONE && (data->mark.value | data->mark.mask))
+ {
+ if (!add_uint32(hdr, sizeof(request), XFRMA_SET_MARK,
+ data->mark.value) ||
+ !add_uint32(hdr, sizeof(request), XFRMA_SET_MARK_MASK,
+ data->mark.mask))
+ {
+ goto failed;
+ }
+ }
+
if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL)
{ /* the kernel supports TFC padding only for tunnel mode ESP SAs */
- uint32_t *tfcpad;
-
- tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD,
- sizeof(*tfcpad));
- if (!tfcpad)
+ if (!add_uint32(hdr, sizeof(request), XFRMA_TFCPAD, data->tfc))
{
goto failed;
}
- *tfcpad = data->tfc;
}
if (id->proto != IPPROTO_COMP)
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
index b6eb54370..760a875ca 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c
@@ -1504,7 +1504,7 @@ static void process_rule(private_kernel_netlink_net_t *this, struct nlmsghdr *hd
static bool receive_events(private_kernel_netlink_net_t *this, int fd,
watcher_event_t event)
{
- char response[1536];
+ char response[netlink_get_buflen()];
struct nlmsghdr *hdr = (struct nlmsghdr*)response;
struct sockaddr_nl addr;
socklen_t addr_len = sizeof(addr);
@@ -2586,11 +2586,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this,
memset(half_net.ptr, 0, half_net.len);
half_prefixlen = 1;
- status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
- gateway, src_ip, if_name);
+ status = manage_srcroute(this, nlmsg_type, flags, half_net,
+ half_prefixlen, gateway, src_ip, if_name);
half_net.ptr[0] |= 0x80;
- status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen,
- gateway, src_ip, if_name);
+ status |= manage_srcroute(this, nlmsg_type, flags, half_net,
+ half_prefixlen, gateway, src_ip, if_name);
return status;
}
@@ -2925,7 +2925,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type,
msg->rtm_flags |= FIB_RULE_INVERT;
fwmark++;
}
- if (mark_from_string(fwmark, &mark))
+ if (mark_from_string(fwmark, MARK_OP_NONE, &mark))
{
chunk = chunk_from_thing(mark.value);
netlink_add_attribute(hdr, FRA_FWMARK, chunk, sizeof(request));
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
index 441c0c482..84d78eca2 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -381,7 +381,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
for (i = 0, *out_len = 0; i < array_count(entry->hdrs); i++)
{
array_get(entry->hdrs, i, &hdr);
- *out_len += hdr->nlmsg_len;
+ *out_len += NLMSG_ALIGN(hdr->nlmsg_len);
}
ptr = malloc(*out_len);
*out = (struct nlmsghdr*)ptr;
@@ -394,7 +394,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in,
hdr->nlmsg_seq, hdr, hdr->nlmsg_len);
}
memcpy(ptr, hdr, hdr->nlmsg_len);
- ptr += hdr->nlmsg_len;
+ ptr += NLMSG_ALIGN(hdr->nlmsg_len);
free(hdr);
}
destroy_entry(entry);
@@ -587,8 +587,31 @@ METHOD(netlink_socket_t, destroy, void,
free(this);
}
-/**
- * Described in header.
+/*
+ * Described in header
+ */
+u_int netlink_get_buflen()
+{
+ u_int buflen;
+
+ buflen = lib->settings->get_int(lib->settings,
+ "%s.plugins.kernel-netlink.buflen", 0, lib->ns);
+ if (!buflen)
+ {
+ long pagesize = sysconf(_SC_PAGESIZE);
+
+ if (pagesize == -1)
+ {
+ pagesize = 4096;
+ }
+ /* base this on NLMSG_GOODSIZE */
+ buflen = min(pagesize, 8192);
+ }
+ return buflen;
+}
+
+/*
+ * Described in header
*/
netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
bool parallel)
@@ -612,8 +635,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4),
.protocol = protocol,
.names = names,
- .buflen = lib->settings->get_int(lib->settings,
- "%s.plugins.kernel-netlink.buflen", 0, lib->ns),
+ .buflen = netlink_get_buflen(),
.timeout = lib->settings->get_int(lib->settings,
"%s.plugins.kernel-netlink.timeout", 0, lib->ns),
.retries = lib->settings->get_int(lib->settings,
@@ -624,16 +646,6 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names,
.parallel = parallel,
);
- if (!this->buflen)
- {
- long pagesize = sysconf(_SC_PAGESIZE);
- if (pagesize == -1)
- {
- pagesize = 4096;
- }
- /* base this on NLMSG_GOODSIZE */
- this->buflen = min(pagesize, 8192);
- }
if (this->socket == -1)
{
DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)",
diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
index 7056e6ccc..82dce4c5c 100644
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h
@@ -101,4 +101,11 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data,
*/
void* netlink_reserve(struct nlmsghdr *hdr, int buflen, int type, int len);
+/**
+ * Determine buffer size for received messages (e.g. events).
+ *
+ * @return buffer size
+ */
+u_int netlink_get_buflen();
+
#endif /* KERNEL_NETLINK_SHARED_H_ */
diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in
index 0d3d3775b..539d1dc46 100644
--- a/src/libcharon/plugins/kernel_pfkey/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 80c484b47..dbe409a62 100644
--- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -890,10 +890,15 @@ static kernel_algorithm_t encryption_algs[] = {
{ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 },
{ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 },
{ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 },
+#elif defined(SADB_X_EALG_AES_GCM) /* macOS */
+ {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM },
#endif
#ifdef SADB_X_EALG_CAMELLIACBC
{ENCR_CAMELLIA_CBC, SADB_X_EALG_CAMELLIACBC },
#endif
+#ifdef SADB_X_EALG_CHACHA20POLY1305
+ {ENCR_CHACHA20_POLY1305, SADB_X_EALG_CHACHA20POLY1305},
+#endif
{END_OF_LIST, 0 },
};
@@ -2456,6 +2461,45 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this,
}
/**
+ * Check if any significant data has changed to warrant sending an update to
+ * the kernel.
+ */
+static bool policy_update_required(policy_sa_t *current, policy_sa_t *updated)
+{
+ if (current->type != updated->type
+#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY
+ || current->priority != updated->priority
+#endif
+ )
+ {
+ return TRUE;
+ }
+ if (current->type == POLICY_IPSEC)
+ {
+ ipsec_sa_cfg_t *cur = &current->sa->cfg, *upd = &updated->sa->cfg;
+
+ /* we don't use ipsec_sa_cfg_equals() here as e.g. SPIs are not
+ * relevant for this kernel interface, so we don't have to update the
+ * policy during a rekeying */
+ if (cur->mode != upd->mode ||
+ cur->reqid != upd->reqid ||
+ cur->esp.use != upd->esp.use ||
+ cur->ah.use != upd->ah.use ||
+ cur->ipcomp.transform != upd->ipcomp.transform)
+ {
+ return TRUE;
+ }
+ if (cur->mode == MODE_TUNNEL &&
+ (!current->sa->src->ip_equals(current->sa->src, updated->sa->src) ||
+ !current->sa->dst->ip_equals(current->sa->dst, updated->sa->dst)))
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Add or update a policy in the kernel.
*
* Note: The mutex has to be locked when entering this function.
@@ -2629,7 +2673,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
kernel_ipsec_manage_policy_t *data)
{
policy_entry_t *policy, *found = NULL;
- policy_sa_t *assigned_sa, *current_sa;
+ policy_sa_t *assigned_sa, *current_sa = NULL;
enumerator_t *enumerator;
bool update = TRUE;
@@ -2692,6 +2736,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa);
enumerator->destroy(enumerator);
+ if (update && current_sa)
+ { /* check if there are actually any relevant changes, if not, we don't
+ * send an update to the kernel as e.g. FreeBSD doesn't do that
+ * atomically, causing unnecessary traffic loss during rekeyings */
+ update = policy_update_required(current_sa, assigned_sa);
+ }
+
if (!update)
{ /* we don't update the policy if the priority is lower than that of the
* currently installed one */
@@ -2889,22 +2940,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
return SUCCESS;
}
policy->used_by->remove(policy->used_by, to_remove, NULL);
- mapping = to_remove;
if (policy->used_by->get_count(policy->used_by) > 0)
{ /* policy is used by more SAs, keep in kernel */
DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed");
- policy_sa_destroy(mapping, id->dir, this);
+
+ if (is_installed)
+ { /* check if there are actually any relevant changes, if not, we do
+ * not send an update to the kernel as e.g. FreeBSD doesn't do that
+ * atomically, causing unnecessary traffic loss during rekeyings */
+ policy->used_by->get_first(policy->used_by, (void**)&mapping);
+ is_installed = policy_update_required(mapping, to_remove);
+ }
+ policy_sa_destroy(to_remove, id->dir, this);
if (!is_installed)
- { /* no need to update as the policy was not installed for this SA */
+ { /* no need to update as the policy */
this->mutex->unlock(this->mutex);
return SUCCESS;
}
DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts,
policy_dir_names, id->dir);
- policy->used_by->get_first(policy->used_by, (void**)&mapping);
if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS)
{
DBG1(DBG_KNL, "unable to update policy %R === %R %N",
@@ -2926,7 +2983,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY;
pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy));
pol->sadb_x_policy_dir = dir2kernel(id->dir);
- pol->sadb_x_policy_type = type2kernel(mapping->type);
+ pol->sadb_x_policy_type = type2kernel(to_remove->type);
PFKEY_EXT_ADD(msg, pol);
add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto,
@@ -2949,7 +3006,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
}
this->policies->remove(this->policies, found, NULL);
- policy_sa_destroy(mapping, id->dir, this);
+ policy_sa_destroy(to_remove, id->dir, this);
policy_entry_destroy(policy, this);
this->mutex->unlock(this->mutex);
diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in
index dc4d1c852..b75e0bcde 100644
--- a/src/libcharon/plugins/kernel_pfroute/Makefile.in
+++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in
index 98e147717..36c3b828c 100644
--- a/src/libcharon/plugins/kernel_wfp/Makefile.in
+++ b/src/libcharon/plugins/kernel_wfp/Makefile.in
@@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -347,6 +346,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -367,8 +368,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -423,8 +422,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in
index 7abb83daa..d500bc704 100644
--- a/src/libcharon/plugins/led/Makefile.in
+++ b/src/libcharon/plugins/led/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in
index 42ad9abf3..deb3620c7 100644
--- a/src/libcharon/plugins/load_tester/Makefile.in
+++ b/src/libcharon/plugins/load_tester/Makefile.in
@@ -323,7 +323,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -349,6 +348,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -369,8 +370,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -425,8 +424,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -455,8 +452,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index 24076d443..8e89ab435 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -69,7 +69,7 @@ struct init_listener_t {
hashtable_t *initiated;
/**
- * IKE_SAs we have completed to initate (success or failure)
+ * IKE_SAs we have completed to initiate (success or failure)
*/
hashtable_t *completed;
diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in
index b8c5d2249..905ff8d35 100644
--- a/src/libcharon/plugins/lookip/Makefile.in
+++ b/src/libcharon/plugins/lookip/Makefile.in
@@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -345,6 +344,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -365,8 +366,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -421,8 +420,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in
index 47175b4b9..84d0b86ce 100644
--- a/src/libcharon/plugins/medcli/Makefile.in
+++ b/src/libcharon/plugins/medcli/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in
index 176e2a5cb..7300a774b 100644
--- a/src/libcharon/plugins/medsrv/Makefile.in
+++ b/src/libcharon/plugins/medsrv/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in
index ec1916aba..7795ac7a6 100644
--- a/src/libcharon/plugins/osx_attr/Makefile.in
+++ b/src/libcharon/plugins/osx_attr/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in
index 9afed4111..5500bdcba 100644
--- a/src/libcharon/plugins/p_cscf/Makefile.in
+++ b/src/libcharon/plugins/p_cscf/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in
index ee16cceb8..f12e54e72 100644
--- a/src/libcharon/plugins/radattr/Makefile.in
+++ b/src/libcharon/plugins/radattr/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in
index 45e2723cc..ec5c0d420 100644
--- a/src/libcharon/plugins/resolve/Makefile.in
+++ b/src/libcharon/plugins/resolve/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/save_keys/Makefile.in b/src/libcharon/plugins/save_keys/Makefile.in
index a56d8eacd..7b1ad145d 100644
--- a/src/libcharon/plugins/save_keys/Makefile.in
+++ b/src/libcharon/plugins/save_keys/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in
index 33484587b..9b476f807 100644
--- a/src/libcharon/plugins/smp/Makefile.in
+++ b/src/libcharon/plugins/smp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index 86296443d..29d3d2dad 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -76,7 +76,8 @@ static void write_id(xmlTextWriterPtr writer, char *element, identification_t *i
switch (id->get_type(id))
{
{
- char *type = "";
+ char *type;
+
while (TRUE)
{
case ID_ANY:
@@ -324,10 +325,12 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write
xmlTextWriterStartElement(writer, "childconfig");
xmlTextWriterWriteElement(writer, "name",
child_cfg->get_name(child_cfg));
- list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
write_networks(writer, "local", list);
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
- list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
write_networks(writer, "remote", list);
list->destroy_offset(list, offsetof(traffic_selector_t, destroy));
xmlTextWriterEndElement(writer);
diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in
index 05684706e..50529c480 100644
--- a/src/libcharon/plugins/socket_default/Makefile.in
+++ b/src/libcharon/plugins/socket_default/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
index 57e092968..68e5a7a0e 100644
--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
+++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
@@ -745,7 +745,7 @@ static int open_socket(private_socket_default_socket_t *this,
fwmark = lib->settings->get_str(lib->settings,
"%s.plugins.socket-default.fwmark", NULL, lib->ns);
- if (fwmark && mark_from_string(fwmark, &mark))
+ if (fwmark && mark_from_string(fwmark, MARK_OP_NONE, &mark))
{
if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value,
sizeof(mark.value)) < 0)
diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in
index 39558dc24..6ffcafa98 100644
--- a/src/libcharon/plugins/socket_dynamic/Makefile.in
+++ b/src/libcharon/plugins/socket_dynamic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in
index bb349c0a3..5c67e15fd 100644
--- a/src/libcharon/plugins/socket_win/Makefile.in
+++ b/src/libcharon/plugins/socket_win/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in
index 96733406e..a0fcd8857 100644
--- a/src/libcharon/plugins/sql/Makefile.in
+++ b/src/libcharon/plugins/sql/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in
index 3cf95f9a9..4124da4a6 100644
--- a/src/libcharon/plugins/stroke/Makefile.in
+++ b/src/libcharon/plugins/stroke/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index d1bf139c2..d7671481d 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -580,8 +580,10 @@ METHOD(stroke_list_t, status, void,
children = peer_cfg->create_child_cfg_enumerator(peer_cfg);
while (children->enumerate(children, &child_cfg))
{
- my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE,
+ NULL, NULL, FALSE);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE,
+ NULL, NULL, FALSE);
fprintf(out, "%12s: child: %#R === %#R %N",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
@@ -614,8 +616,10 @@ METHOD(stroke_list_t, status, void,
fprintf(out, "Shunted Connections:\n");
first = FALSE;
}
- my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
- other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
+ other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
fprintf(out, "%12s: %#R === %#R %N\n",
child_cfg->get_name(child_cfg), my_ts, other_ts,
ipsec_mode_names, child_cfg->get_mode(child_cfg));
@@ -1055,7 +1059,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool,
fprintf(out, "Leases in pool '%s', usage: %u/%u, %u online\n",
pool, online + offline, size, online);
enumerator = this->attribute->create_lease_enumerator(this->attribute, pool);
- while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on))
+ while (enumerator->enumerate(enumerator, &id, &lease, &on))
{
if (!address || address->ip_equals(address, lease))
{
diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in
index 0667d359c..aef21673b 100644
--- a/src/libcharon/plugins/systime_fix/Makefile.in
+++ b/src/libcharon/plugins/systime_fix/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in
index dcf2c5858..6f1a4a356 100644
--- a/src/libcharon/plugins/tnc_ifmap/Makefile.in
+++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in
index 02587d1f0..13cb136ab 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.in
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index 17f0cd464..bdad67ba5 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -665,7 +665,7 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even
server_ip = host_create_any(client_ip->get_family(client_ip));
/* At this moment the client identity is not known yet */
- client_id = identification_create_from_encoding(ID_ANY, chunk_empty),
+ client_id = identification_create_from_encoding(ID_ANY, chunk_empty);
tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE,
this->server, client_id, server_ip,
diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in
index a01a5f74e..da8e2a7c2 100644
--- a/src/libcharon/plugins/uci/Makefile.in
+++ b/src/libcharon/plugins/uci/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in
index fd29de336..08924353c 100644
--- a/src/libcharon/plugins/unity/Makefile.in
+++ b/src/libcharon/plugins/unity/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
index 05ae8d504..afbd6cc7e 100644
--- a/src/libcharon/plugins/unity/unity_narrow.c
+++ b/src/libcharon/plugins/unity/unity_narrow.c
@@ -56,7 +56,7 @@ static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts,
received = linked_list_create();
received->insert_last(received, ts);
- selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL);
+ selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL, FALSE);
while (selected->remove_first(selected, (void**)&ts) == SUCCESS)
{
list->insert_last(list, ts);
@@ -140,7 +140,8 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local)
{
ts->destroy(ts);
}
- configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+ FALSE);
while (configured->remove_first(configured, (void**)&ts) == SUCCESS)
{
diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c
index b52ffeeb1..76aad47e6 100644
--- a/src/libcharon/plugins/unity/unity_provider.c
+++ b/src/libcharon/plugins/unity/unity_provider.c
@@ -160,7 +160,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*,
enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg);
while (enumerator->enumerate(enumerator, &child_cfg))
{
- current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL,
+ FALSE);
while (current->remove_first(current, (void**)&ts) == SUCCESS)
{
if (use_ts(ts))
diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in
index 0f2a055d2..4927e945a 100644
--- a/src/libcharon/plugins/updown/Makefile.in
+++ b/src/libcharon/plugins/updown/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in
index d28223dca..31054634a 100644
--- a/src/libcharon/plugins/vici/Makefile.in
+++ b/src/libcharon/plugins/vici/Makefile.in
@@ -409,7 +409,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -435,6 +434,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -455,8 +456,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -511,8 +510,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -541,8 +538,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md
index 0038f0844..5bd8c1727 100644
--- a/src/libcharon/plugins/vici/README.md
+++ b/src/libcharon/plugins/vici/README.md
@@ -75,7 +75,7 @@ for example.
The defined packet types optionally wrap a message with additional data.
Messages are currently used in CMD_REQUEST/CMD_RESPONSE, and in EVENT packets.
-A message uses a hierarchial tree of sections. Each section (or the implicit
+A message uses a hierarchical tree of sections. Each section (or the implicit
root section) contains an arbitrary set of key/value pairs, lists and
sub-sections. The length of a message is not part of the message itself, but
the wrapping layer, usually calculated from the transport byte sequence length.
@@ -140,7 +140,7 @@ Consider the following structure using pseudo-markup for this example:
list1 = [ item1, item2 ]
}
-The example above reprensents a valid tree structure, that gets encoded as
+The example above represents a valid tree structure, that gets encoded as
the following C array:
char msg[] = {
@@ -302,6 +302,7 @@ Initiate the rekeying of an SA.
ike = <rekey an IKE_SA by configuration name>
child-id = <rekey a CHILD_SA by its reqid>
ike-id = <rekey an IKE_SA by its unique id>
+ reauth = <reauthenticate instead of rekey an IKEv2 SA>
} => {
success = <yes or no>
matches = <number of matched SAs>
diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in
index 59b0774b8..42e35745e 100644
--- a/src/libcharon/plugins/vici/perl/Makefile.in
+++ b/src/libcharon/plugins/vici/perl/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
index b0a942c04..d0700fa97 100644
--- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
+++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm
@@ -29,7 +29,9 @@ sub from_data {
my $data = shift;
my %hash = ();
- parse($data, \%hash);
+ open my $data_fd, '<', \$data;
+ parse($data_fd, \%hash);
+ close $data_fd;
my $self = {
Hash => \%hash
@@ -62,29 +64,30 @@ sub result {
# private functions
sub parse {
- my $data = shift;
+ my $fd = shift;
my $hash = shift;
+ my $data;
- while (length($data) > 0)
+ until ( eof $fd )
{
- (my $type, $data) = unpack('Ca*', $data);
+ my $type = unpack('C', read_data($fd, 1));
- if ($type == SECTION_END)
- {
- return $data;
- }
+ if ( $type == SECTION_END )
+ {
+ return;
+ }
- (my $key, $data) = unpack('C/a*a*', $data);
+ my $key = read_len_data($fd, 1);
if ( $type == KEY_VALUE )
{
- (my $value, $data) = unpack('n/a*a*', $data);
+ my $value = read_len_data($fd, 2);
$hash->{$key} = $value;
}
elsif ( $type == SECTION_START )
{
my %section = ();
- $data = parse($data, \%section);
+ parse($fd, \%section);
$hash->{$key} = \%section;
}
elsif ( $type == LIST_START )
@@ -92,19 +95,20 @@ sub parse {
my @list = ();
my $more = 1;
- while (length($data) > 0 and $more)
+ while ( !eof($fd) and $more )
{
- (my $type, $data) = unpack('Ca*', $data);
+ my $type = unpack('C', read_data($fd, 1));
+
if ( $type == LIST_ITEM )
{
- (my $value, $data) = unpack('n/a*a*', $data);
+ my $value = read_len_data($fd, 2);
push(@list, $value);
}
elsif ( $type == LIST_END )
{
$more = 0;
$hash->{$key} = \@list;
- }
+ }
else
{
die "message parsing error: ", $type, "\n"
@@ -116,9 +120,28 @@ sub parse {
die "message parsing error: ", $type, "\n"
}
}
+}
+
+sub read_data {
+ my $fd = shift;
+ my $len = shift;
+ my $data;
+
+ my $res = read $fd, $data, $len;
+ unless (defined $res and $res == $len)
+ {
+ die "message parsing error: unable to read ", $len, " bytes\n";
+ }
return $data;
}
+sub read_len_data {
+ my $fd = shift;
+ my $len = shift;
+
+ $len = unpack($len == 1 ? 'C' : 'n', read_data($fd, $len));
+ return read_data($fd, $len);
+}
sub encode_hash {
my $hash = shift;
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in
index 057ea88f4..6592a1ae0 100644
--- a/src/libcharon/plugins/vici/python/Makefile.in
+++ b/src/libcharon/plugins/vici/python/Makefile.in
@@ -249,7 +249,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -275,6 +274,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -295,8 +296,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -351,8 +350,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -381,8 +378,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in
index ff4e07d2d..fb9d348d1 100644
--- a/src/libcharon/plugins/vici/ruby/Makefile.in
+++ b/src/libcharon/plugins/vici/ruby/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb
index f846a14af..61de99a1f 100644
--- a/src/libcharon/plugins/vici/ruby/lib/vici.rb
+++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb
@@ -450,7 +450,7 @@ module Vici
##
# Flush credential cache.
- def flush_certs((match = nil)
+ def flush_certs(match = nil)
check_success(@transp.request("flush-certs", Message.new(match)))
end
diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c
index 4d174253d..f7c7ce13a 100644
--- a/src/libcharon/plugins/vici/vici_attribute.c
+++ b/src/libcharon/plugins/vici/vici_attribute.c
@@ -705,7 +705,7 @@ CALLBACK(get_pools, vici_message_t*,
i = 0;
builder->begin_section(builder, "leases");
leases = vips->create_lease_enumerator(vips);
- while (leases && leases->enumerate(leases, &uid, &lease, &on))
+ while (leases->enumerate(leases, &uid, &lease, &on))
{
snprintf(buf, sizeof(buf), "%d", i++);
builder->begin_section(builder, buf);
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index f4e9e33ee..10c62dc89 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -2,8 +2,8 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015-2016 Andreas Steffen
+ * Copyright (C) 2015-2018 Tobias Brunner
+ * Copyright (C) 2015-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -304,6 +304,8 @@ typedef struct {
bool mobike;
bool send_certreq;
bool pull;
+ identification_t *ppk_id;
+ bool ppk_required;
cert_policy_t send_cert;
uint64_t dpd_delay;
uint64_t dpd_timeout;
@@ -403,6 +405,8 @@ static void log_peer_data(peer_data_t *data)
DBG2(DBG_CFG, " remote_port = %u", data->remote_port);
DBG2(DBG_CFG, " send_certreq = %u", data->send_certreq);
DBG2(DBG_CFG, " send_cert = %N", cert_policy_names, data->send_cert);
+ DBG2(DBG_CFG, " ppk_id = %Y", data->ppk_id);
+ DBG2(DBG_CFG, " ppk_required = %u", data->ppk_required);
DBG2(DBG_CFG, " mobike = %u", data->mobike);
DBG2(DBG_CFG, " aggressive = %u", data->aggressive);
DBG2(DBG_CFG, " dscp = 0x%.2x", data->dscp);
@@ -469,6 +473,7 @@ static void free_peer_data(peer_data_t *data)
free(data->pools);
free(data->local_addrs);
free(data->remote_addrs);
+ DESTROY_IF(data->ppk_id);
#ifdef ME
free(data->mediated_by);
DESTROY_IF(data->peer_id);
@@ -484,7 +489,6 @@ typedef struct {
linked_list_t *local_ts;
linked_list_t *remote_ts;
uint32_t replay_window;
- bool policies;
child_cfg_create_t cfg;
} child_data_t;
@@ -511,7 +515,7 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " ipcomp = %u", has_opt(OPT_IPCOMP));
DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode,
has_opt(OPT_PROXY_MODE) ? "_PROXY" : "");
- DBG2(DBG_CFG, " policies = %u", data->policies);
+ DBG2(DBG_CFG, " policies = %u", !has_opt(OPT_NO_POLICIES));
DBG2(DBG_CFG, " policies_fwd_out = %u", has_opt(OPT_FWD_OUT_POLICIES));
if (data->replay_window != REPLAY_UNDEFINED)
{
@@ -529,12 +533,19 @@ static void log_child_data(child_data_t *data, char *name)
DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA));
DBG2(DBG_CFG, " mark_out = %u/%u",
cfg->mark_out.value, cfg->mark_out.mask);
+ DBG2(DBG_CFG, " set_mark_in = %u/%u",
+ cfg->set_mark_in.value, cfg->set_mark_in.mask);
+ DBG2(DBG_CFG, " set_mark_out = %u/%u",
+ cfg->set_mark_out.value, cfg->set_mark_out.mask);
DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity);
DBG2(DBG_CFG, " proposals = %#P", data->proposals);
DBG2(DBG_CFG, " local_ts = %#R", data->local_ts);
DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts);
DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload);
DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96));
+ DBG2(DBG_CFG, " copy_df = %u", !has_opt(OPT_NO_COPY_DF));
+ DBG2(DBG_CFG, " copy_ecn = %u", !has_opt(OPT_NO_COPY_ECN));
+ DBG2(DBG_CFG, " copy_dscp = %N", dscp_copy_names, cfg->copy_dscp);
}
/**
@@ -847,16 +858,17 @@ CALLBACK(parse_mode, bool,
}
/**
- * Enable a child_cfg_option_t
+ * Enable a child_cfg_option_t, the flag controls whether the option is enabled
+ * if the parsed value is TRUE or FALSE.
*/
static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt,
- chunk_t v)
+ chunk_t v, bool add_if_true)
{
bool val;
if (parse_bool(&val, v))
{
- if (val)
+ if (val == add_if_true)
{
*out |= opt;
}
@@ -871,7 +883,16 @@ static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt,
CALLBACK(parse_opt_haccess, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_HOSTACCESS, v);
+ return parse_option(out, OPT_HOSTACCESS, v, TRUE);
+}
+
+/**
+ * Parse OPT_NO_POLICIES option
+ */
+CALLBACK(parse_opt_policies, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_POLICIES, v, FALSE);
}
/**
@@ -880,7 +901,7 @@ CALLBACK(parse_opt_haccess, bool,
CALLBACK(parse_opt_fwd_out, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_FWD_OUT_POLICIES, v);
+ return parse_option(out, OPT_FWD_OUT_POLICIES, v, TRUE);
}
/**
@@ -889,17 +910,16 @@ CALLBACK(parse_opt_fwd_out, bool,
CALLBACK(parse_opt_ipcomp, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_IPCOMP, v);
+ return parse_option(out, OPT_IPCOMP, v, TRUE);
}
-
/**
* Parse OPT_SHA256_96 option
*/
CALLBACK(parse_opt_sha256_96, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_SHA256_96, v);
+ return parse_option(out, OPT_SHA256_96, v, TRUE);
}
/**
@@ -908,7 +928,47 @@ CALLBACK(parse_opt_sha256_96, bool,
CALLBACK(parse_opt_mark_in, bool,
child_cfg_option_t *out, chunk_t v)
{
- return parse_option(out, OPT_MARK_IN_SA, v);
+ return parse_option(out, OPT_MARK_IN_SA, v, TRUE);
+}
+
+/**
+ * Parse OPT_NO_COPY_DF option
+ */
+CALLBACK(parse_opt_copy_df, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_COPY_DF, v, FALSE);
+}
+
+/**
+ * Parse OPT_NO_COPY_ECN option
+ */
+CALLBACK(parse_opt_copy_ecn, bool,
+ child_cfg_option_t *out, chunk_t v)
+{
+ return parse_option(out, OPT_NO_COPY_ECN, v, FALSE);
+}
+
+/**
+ * Parse a dscp_copy_t
+ */
+CALLBACK(parse_copy_dscp, bool,
+ dscp_copy_t *out, chunk_t v)
+{
+ enum_map_t map[] = {
+ { "no", DSCP_COPY_NO },
+ { "in", DSCP_COPY_IN_ONLY },
+ { "out", DSCP_COPY_OUT_ONLY },
+ { "yes", DSCP_COPY_YES },
+ };
+ int d;
+
+ if (parse_map(map, countof(map), &d, v))
+ {
+ *out = d;
+ return TRUE;
+ }
+ return FALSE;
}
/**
@@ -1126,7 +1186,22 @@ CALLBACK(parse_mark, bool,
{
return FALSE;
}
- return mark_from_string(buf, out);
+ return mark_from_string(buf, MARK_OP_UNIQUE, out);
+}
+
+/**
+ * Parse a mark_t when using it as set_mark.
+ */
+CALLBACK(parse_set_mark, bool,
+ mark_t *out, chunk_t v)
+{
+ char buf[32];
+
+ if (!vici_stringify(v, buf, sizeof(buf)))
+ {
+ return FALSE;
+ }
+ return mark_from_string(buf, MARK_OP_SAME, out);
}
/**
@@ -1514,9 +1589,8 @@ CALLBACK(parse_hosts, bool,
return TRUE;
}
-#ifdef ME
/**
- * Parse peer ID
+ * Parse peer/ppk ID
*/
CALLBACK(parse_peer_id, bool,
identification_t **out, chunk_t v)
@@ -1530,7 +1604,7 @@ CALLBACK(parse_peer_id, bool,
*out = identification_create_from_string(buf);
return TRUE;
}
-#endif /* ME */
+
CALLBACK(cert_kv, bool,
cert_data_t *cert, vici_message_t *message, char *name, chunk_t value)
@@ -1567,7 +1641,7 @@ CALLBACK(child_kv, bool,
{ "updown", parse_string, &child->cfg.updown },
{ "hostaccess", parse_opt_haccess, &child->cfg.options },
{ "mode", parse_mode, &child->cfg },
- { "policies", parse_bool, &child->policies },
+ { "policies", parse_opt_policies, &child->cfg.options },
{ "policies_fwd_out", parse_opt_fwd_out, &child->cfg.options },
{ "replay_window", parse_uint32, &child->replay_window },
{ "rekey_time", parse_time, &child->cfg.lifetime.time.rekey },
@@ -1588,11 +1662,16 @@ CALLBACK(child_kv, bool,
{ "mark_in", parse_mark, &child->cfg.mark_in },
{ "mark_in_sa", parse_opt_mark_in, &child->cfg.options },
{ "mark_out", parse_mark, &child->cfg.mark_out },
+ { "set_mark_in", parse_set_mark, &child->cfg.set_mark_in },
+ { "set_mark_out", parse_set_mark, &child->cfg.set_mark_out },
{ "tfc_padding", parse_tfc, &child->cfg.tfc },
{ "priority", parse_uint32, &child->cfg.priority },
{ "interface", parse_string, &child->cfg.interface },
{ "hw_offload", parse_hw_offload, &child->cfg.hw_offload },
{ "sha256_96", parse_opt_sha256_96,&child->cfg.options },
+ { "copy_df", parse_opt_copy_df, &child->cfg.options },
+ { "copy_ecn", parse_opt_copy_ecn, &child->cfg.options },
+ { "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp },
};
return parse_rules(rules, countof(rules), name, value,
@@ -1604,7 +1683,7 @@ CALLBACK(auth_li, bool,
{
parse_rule_t rules[] = {
{ "groups", parse_group, auth->cfg },
- { "cert_policy", parse_cert_policy, auth },
+ { "cert_policy", parse_cert_policy, auth->cfg },
{ "certs", parse_certs, auth },
{ "cacerts", parse_cacerts, auth },
{ "pubkeys", parse_pubkeys, auth },
@@ -1669,6 +1748,8 @@ CALLBACK(peer_kv, bool,
{ "rekey_time", parse_time, &peer->rekey_time },
{ "over_time", parse_time, &peer->over_time },
{ "rand_time", parse_time, &peer->rand_time },
+ { "ppk_id", parse_peer_id, &peer->ppk_id },
+ { "ppk_required", parse_bool, &peer->ppk_required },
#ifdef ME
{ "mediation", parse_bool, &peer->mediation },
{ "mediated_by", parse_string, &peer->mediated_by },
@@ -1802,7 +1883,6 @@ CALLBACK(children_sn, bool,
.proposals = linked_list_create(),
.local_ts = linked_list_create(),
.remote_ts = linked_list_create(),
- .policies = TRUE,
.replay_window = REPLAY_UNDEFINED,
.cfg = {
.mode = MODE_TUNNEL,
@@ -1858,7 +1938,6 @@ CALLBACK(children_sn, bool,
child.proposals->insert_last(child.proposals, proposal);
}
}
- child.cfg.options |= child.policies ? 0 : OPT_NO_POLICIES;
check_lifetimes(&child.cfg.lifetime);
@@ -2212,8 +2291,8 @@ static void merge_config(private_vici_config_t *this, peer_cfg_t *peer_cfg)
{
DBG1(DBG_CFG, "replaced vici connection: %s",
peer_cfg->get_name(peer_cfg));
+ this->conns->insert_before(this->conns, enumerator, peer_cfg);
this->conns->remove_at(this->conns, enumerator);
- this->conns->insert_last(this->conns, peer_cfg);
handle_start_actions(this, current, TRUE);
handle_start_actions(this, peer_cfg, FALSE);
current->destroy(current);
@@ -2407,6 +2486,8 @@ CALLBACK(config_sn, bool,
.push_mode = !peer.pull,
.dpd = peer.dpd_delay,
.dpd_timeout = peer.dpd_timeout,
+ .ppk_id = peer.ppk_id ? peer.ppk_id->clone(peer.ppk_id) : NULL,
+ .ppk_required = peer.ppk_required,
};
#ifdef ME
cfg.mediation = peer.mediation;
diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c
index ce19608dc..16e49fdbc 100644
--- a/src/libcharon/plugins/vici/vici_control.c
+++ b/src/libcharon/plugins/vici/vici_control.c
@@ -373,11 +373,13 @@ CALLBACK(rekey, vici_message_t*,
ike_sa_t *ike_sa;
child_sa_t *child_sa;
vici_builder_t *builder;
+ bool reauth;
child = request->get_str(request, NULL, "child");
ike = request->get_str(request, NULL, "ike");
child_id = request->get_int(request, 0, "child-id");
ike_id = request->get_int(request, 0, "ike-id");
+ reauth = request->get_bool(request, FALSE, "reauth");
if (!child && !ike && !ike_id && !child_id)
{
@@ -438,7 +440,7 @@ CALLBACK(rekey, vici_message_t*,
(ike_id && ike_id == ike_sa->get_unique_id(ike_sa)))
{
lib->processor->queue_job(lib->processor,
- (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE));
+ (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), reauth));
found++;
}
}
diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c
index ec6c80a5b..038338805 100644
--- a/src/libcharon/plugins/vici/vici_cred.c
+++ b/src/libcharon/plugins/vici/vici_cred.c
@@ -442,6 +442,10 @@ CALLBACK(load_shared, vici_message_t*,
{
type = SHARED_NT_HASH;
}
+ else if (strcaseeq(str, "ppk"))
+ {
+ type = SHARED_PPK;
+ }
else
{
return create_reply("invalid shared key type: %s", str);
diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c
index 13761f59d..df5b85c64 100644
--- a/src/libcharon/plugins/vici/vici_message.c
+++ b/src/libcharon/plugins/vici/vici_message.c
@@ -102,18 +102,10 @@ bool vici_verify_type(vici_type_t type, u_int section, bool list)
DBG1(DBG_ENC, "'%N' outside of section", vici_type_names, type);
return FALSE;
}
- if (type == VICI_END)
+ if (type == VICI_END && section)
{
- if (section)
- {
- DBG1(DBG_ENC, "'%N' within section", vici_type_names, type);
- return FALSE;
- }
- if (list)
- {
- DBG1(DBG_ENC, "'%N' within list", vici_type_names, type);
- return FALSE;
- }
+ DBG1(DBG_ENC, "'%N' within section", vici_type_names, type);
+ return FALSE;
}
return TRUE;
}
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c
index 82c3d7855..d7b61ca72 100644
--- a/src/libcharon/plugins/vici/vici_query.c
+++ b/src/libcharon/plugins/vici/vici_query.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2015-2017 Tobias Brunner
- * Copyright (C) 2015 Andreas Steffen
+ * Copyright (C) 2015-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* Copyright (C) 2014 Martin Willi
@@ -417,6 +417,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b,
b->add_kv(b, "dh-group", "%N", diffie_hellman_group_names, alg);
}
}
+ add_condition(b, ike_sa, "ppk", COND_PPK);
if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED)
{
@@ -570,7 +571,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
list_mode(b, NULL, cfg);
b->begin_list(b, "local-ts");
- list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL);
+ list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL, FALSE);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -581,7 +582,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike,
b->end_list(b /* local-ts */);
b->begin_list(b, "remote-ts");
- list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL);
+ list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL, FALSE);
enumerator = list->create_enumerator(list);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -737,6 +738,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b)
rules->destroy(rules);
b->end_list(b);
+ b->begin_list(b, "cert_policy");
+ rules = auth->create_enumerator(auth);
+ while (rules->enumerate(rules, &rule, &v))
+ {
+ if (rule == AUTH_RULE_CERT_POLICY)
+ {
+ b->add_li(b, "%s", v.str);
+ }
+ }
+ rules->destroy(rules);
+ b->end_list(b);
+
b->begin_list(b, "certs");
rules = auth->create_enumerator(auth);
while (rules->enumerate(rules, &rule, &v))
@@ -775,6 +788,7 @@ CALLBACK(list_conns, vici_message_t*,
child_cfg_t *child_cfg;
char *ike, *str, *interface;
uint32_t manual_prio, dpd_delay, dpd_timeout;
+ identification_t *ppk_id;
linked_list_t *list;
traffic_selector_t *ts;
lifetime_cfg_t *lft;
@@ -837,6 +851,16 @@ CALLBACK(list_conns, vici_message_t*,
b->add_kv(b, "dpd_timeout", "%u", dpd_timeout);
}
+ ppk_id = peer_cfg->get_ppk_id(peer_cfg);
+ if (ppk_id)
+ {
+ b->add_kv(b, "ppk_id", "%Y", ppk_id);
+ }
+ if (peer_cfg->ppk_required(peer_cfg))
+ {
+ b->add_kv(b, "ppk_required", "yes");
+ }
+
build_auth_cfgs(peer_cfg, TRUE, b);
build_auth_cfgs(peer_cfg, FALSE, b);
@@ -861,7 +885,8 @@ CALLBACK(list_conns, vici_message_t*,
child_cfg->get_close_action(child_cfg));
b->begin_list(b, "local-ts");
- list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL,
+ NULL, FALSE);
selectors = list->create_enumerator(list);
while (selectors->enumerate(selectors, &ts))
{
@@ -872,7 +897,8 @@ CALLBACK(list_conns, vici_message_t*,
b->end_list(b /* local-ts */);
b->begin_list(b, "remote-ts");
- list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL);
+ list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL,
+ NULL, FALSE);
selectors = list->create_enumerator(list);
while (selectors->enumerate(selectors, &ts))
{
diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in
index ad9a092cc..9a661077e 100644
--- a/src/libcharon/plugins/whitelist/Makefile.in
+++ b/src/libcharon/plugins/whitelist/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in
index d702a01a6..f9b387d45 100644
--- a/src/libcharon/plugins/xauth_eap/Makefile.in
+++ b/src/libcharon/plugins/xauth_eap/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in
index eeeb4190a..b26065c8c 100644
--- a/src/libcharon/plugins/xauth_generic/Makefile.in
+++ b/src/libcharon/plugins/xauth_generic/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in
index 87a6c872a..cd5848cf3 100644
--- a/src/libcharon/plugins/xauth_noauth/Makefile.in
+++ b/src/libcharon/plugins/xauth_noauth/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in
index a224ffba4..26ab290c3 100644
--- a/src/libcharon/plugins/xauth_pam/Makefile.in
+++ b/src/libcharon/plugins/xauth_pam/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 497ad3dd9..f979d1103 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -89,7 +89,7 @@ METHOD(plugin_t, get_features, int,
METHOD(plugin_t, destroy, void,
private_xauth_pam_plugin_t *this)
{
- this->listener->destroy(this->listener),
+ this->listener->destroy(this->listener);
free(this);
}
diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h
index 42d9ce32e..58a8ca04f 100644
--- a/src/libcharon/sa/authenticator.h
+++ b/src/libcharon/sa/authenticator.h
@@ -1,6 +1,6 @@
/*
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
*
@@ -157,6 +157,17 @@ struct authenticator_t {
status_t (*build)(authenticator_t *this, message_t *message);
/**
+ * Optional method to set a Postquantum Preshared Key (PPK) to be used
+ * during authentication.
+ *
+ * Has to be called before the final call to process()/build().
+ *
+ * @param ppk PPK to use
+ * @param no_ppk_auth whether to add a NO_PPK_AUTH notify in build()
+ */
+ void (*use_ppk)(authenticator_t *this, chunk_t ppk, bool no_ppk_auth);
+
+ /**
* Check if the authenticator is capable of mutual authentication.
*
* Some authenticator authenticate both peers, e.g. EAP. To support
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c
index 7eeb578f3..c33398bee 100644
--- a/src/libcharon/sa/child_sa.c
+++ b/src/libcharon/sa/child_sa.c
@@ -890,12 +890,21 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr,
.cpi = cpi,
.encap = this->encap,
.hw_offload = this->config->get_hw_offload(this->config),
+ .mark = this->config->get_set_mark(this->config, inbound),
.esn = esn,
+ .copy_df = !this->config->has_option(this->config, OPT_NO_COPY_DF),
+ .copy_ecn = !this->config->has_option(this->config, OPT_NO_COPY_ECN),
+ .copy_dscp = this->config->get_copy_dscp(this->config),
.initiator = initiator,
.inbound = inbound,
.update = update,
};
+ if (sa.mark.value == MARK_SAME)
+ {
+ sa.mark.value = inbound ? this->mark_in.value : this->mark_out.value;
+ }
+
status = charon->kernel->add_sa(charon->kernel, &id, &sa);
my_ts->destroy(my_ts);
@@ -1723,7 +1732,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local)
traffic_selector_t *ts;
list = linked_list_create_with_items(ike, NULL);
- ts_list = config->get_traffic_selectors(config, local, NULL, list);
+ ts_list = config->get_traffic_selectors(config, local, NULL, list, FALSE);
list->destroy(list);
enumerator = ts_list->create_enumerator(ts_list);
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index f39fed6f0..a4ad866d3 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -674,6 +674,7 @@ METHOD(ike_sa_t, get_ike_cfg, ike_cfg_t*,
METHOD(ike_sa_t, set_ike_cfg, void,
private_ike_sa_t *this, ike_cfg_t *ike_cfg)
{
+ DESTROY_IF(this->ike_cfg);
ike_cfg->get_ref(ike_cfg);
this->ike_cfg = ike_cfg;
}
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 316b713ee..c1d3e1d7a 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -156,6 +156,11 @@ enum ike_extension_t {
* IKEv2 Message ID sync, RFC 6311
*/
EXT_IKE_MESSAGE_ID_SYNC = (1<<14),
+
+ /**
+ * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2
+ */
+ EXT_PPK = (1<<15),
};
/**
@@ -227,6 +232,11 @@ enum ike_condition_t {
* Online certificate revocation checking is suspended for this IKE_SA
*/
COND_ONLINE_VALIDATION_SUSPENDED = (1<<12),
+
+ /**
+ * A Postquantum Preshared Key was used when this IKE_SA was created
+ */
+ COND_PPK = (1<<13),
};
/**
diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c
index 2a499db40..c50c70860 100644
--- a/src/libcharon/sa/ike_sa_manager.c
+++ b/src/libcharon/sa/ike_sa_manager.c
@@ -2,7 +2,7 @@
* Copyright (C) 2005-2011 Martin Willi
* Copyright (C) 2011 revosec AG
*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
*
@@ -1620,17 +1620,6 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
unlock_single_segment(this, segment);
return FALSE;
}
- /* threads waiting for this entry do so using the (soon) wrong IKE_SA
- * ID and, therefore, likely on the wrong segment, so drive them out */
- entry->driveout_waiting_threads = TRUE;
- entry->driveout_new_threads = TRUE;
- while (entry->waiting_threads)
- {
- entry->condvar->broadcast(entry->condvar);
- entry->condvar->wait(entry->condvar, this->segments[segment].mutex);
- }
- remove_entry(this, entry);
- unlock_single_segment(this, segment);
}
else
{
@@ -1638,7 +1627,19 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
return FALSE;
}
+ /* the hashtable row and segment are determined by the local SPI as
+ * initiator, so if we change it the row and segment derived from it might
+ * change as well. This could be a problem for threads waiting for the
+ * entry (in particular those enumerating entries to check them out by
+ * unique ID or name). In order to avoid having to drive them out and thus
+ * preventing them from checking out the entry (even though the ID or name
+ * will not change and enumerating it is also fine), we mask the new SPI and
+ * merge it with the old SPI so the entry ends up in the same row/segment.
+ * Since SPIs are 64-bit and the number of rows/segments is usually
+ * relatively low this should not be a problem. */
spi = ike_sa_id->get_initiator_spi(ike_sa_id);
+ new_spi = (spi & (uint64_t)this->table_mask) |
+ (new_spi & ~(uint64_t)this->table_mask);
DBG2(DBG_MGR, "change initiator SPI of IKE_SA %s[%u] from %.16"PRIx64" to "
"%.16"PRIx64, ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa),
@@ -1647,10 +1648,7 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool,
ike_sa_id->set_initiator_spi(ike_sa_id, new_spi);
entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa_id);
- entry->driveout_waiting_threads = FALSE;
- entry->driveout_new_threads = FALSE;
-
- segment = put_entry(this, entry);
+ entry->condvar->signal(entry->condvar);
unlock_single_segment(this, segment);
return TRUE;
}
@@ -2017,6 +2015,8 @@ static status_t enforce_replace(private_ike_sa_manager_t *this,
* CHILD_SAs to keep connectivity up. */
lib->scheduler->schedule_job(lib->scheduler, (job_t*)
delete_ike_sa_job_create(duplicate->get_id(duplicate), TRUE), 10);
+ DBG1(DBG_IKE, "schedule delete of duplicate IKE_SA for peer '%Y' due "
+ "to uniqueness policy and suspected reauthentication", other);
return SUCCESS;
}
DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer '%Y' due to "
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c
index 1de05b4ec..bcea1f388 100644
--- a/src/libcharon/sa/ikev1/keymat_v1.c
+++ b/src/libcharon/sa/ikev1/keymat_v1.c
@@ -219,7 +219,6 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e,
encryption_algorithm_names, alg, key_size);
return NULL;
}
- key_size = crypter->get_key_size(crypter);
if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka))
{
return NULL;
diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c
index 5856f829e..b99d75142 100644
--- a/src/libcharon/sa/ikev1/phase1.c
+++ b/src/libcharon/sa/ikev1/phase1.c
@@ -311,7 +311,7 @@ static void save_auth_cfg(private_phase1_t *this,
return;
}
auth = auth_cfg_create();
- /* for local config, we _copy_ entires from the config, as it contains
+ /* for local config, we _copy_ entries from the config, as it contains
* certificates we must send later. */
auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);
diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c
index 3472d2c35..5f6c3bbe8 100644
--- a/src/libcharon/sa/ikev1/task_manager_v1.c
+++ b/src/libcharon/sa/ikev1/task_manager_v1.c
@@ -721,6 +721,7 @@ METHOD(task_manager_t, initiate, status_t,
{
case IKE_CONNECTING:
/* close after sending an INFORMATIONAL when unestablished */
+ charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE);
return FAILED;
case IKE_DELETING:
/* close after sending a DELETE */
@@ -920,15 +921,16 @@ static bool process_dpd(private_task_manager_t *this, message_t *message)
}
else /* DPD_R_U_THERE_ACK */
{
- if (seq == this->dpd_send - 1)
+ if (seq == this->dpd_send)
{
+ this->dpd_send++;
this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND,
time_monotonic(NULL));
}
else
{
DBG1(DBG_IKE, "received invalid DPD sequence number %u "
- "(expected %u), ignored", seq, this->dpd_send - 1);
+ "(expected %u), ignored", seq, this->dpd_send);
}
}
return TRUE;
@@ -1843,7 +1845,7 @@ METHOD(task_manager_t, queue_dpd, void,
uint32_t t, retransmit;
queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE,
- this->dpd_send++));
+ this->dpd_send));
peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
/* compute timeout in milliseconds */
diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
index 82d647a6c..023119dd4 100644
--- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c
@@ -270,11 +270,6 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return FAILED;
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
this->id_data = id_payload->get_encoded(id_payload);
@@ -302,6 +297,7 @@ METHOD(task_t, build_i, status_t,
this->id_data))
{
this->id_data = chunk_empty;
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->id_data = chunk_empty;
@@ -330,6 +326,7 @@ METHOD(task_t, build_i, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
break;
@@ -428,6 +425,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Aggressive Mode PSK disabled for "
"security reasons");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
break;
@@ -455,6 +453,7 @@ METHOD(task_t, process_r, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDii payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
@@ -465,6 +464,7 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, id);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -493,6 +493,7 @@ METHOD(task_t, process_r, status_t,
this->method, TRUE, NULL);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -502,6 +503,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids "
"IKE_SA, cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
@@ -528,6 +530,7 @@ METHOD(task_t, process_r, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
job = adopt_children_job_create(
@@ -602,11 +605,6 @@ METHOD(task_t, build_r, status_t,
}
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -615,6 +613,7 @@ METHOD(task_t, build_r, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
return NEED_MORE;
@@ -679,6 +678,7 @@ METHOD(task_t, process_i, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
id = id_payload->get_identification(id_payload);
@@ -687,6 +687,7 @@ METHOD(task_t, process_i, status_t,
{
DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
id->destroy(id);
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_ID_INFORMATION);
}
this->ike_sa->set_other_id(this->ike_sa, id);
@@ -698,6 +699,7 @@ METHOD(task_t, process_i, status_t,
if (!this->ph1->verify_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
if (!charon->bus->authorize(charon->bus, FALSE))
diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
index 6a296f221..b26a11bb4 100644
--- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
+++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c
@@ -59,7 +59,7 @@ struct private_isakmp_vendor_t {
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c
index 1f764e547..b60c84992 100644
--- a/src/libcharon/sa/ikev1/tasks/main_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/main_mode.c
@@ -332,11 +332,6 @@ METHOD(task_t, build_i, status_t,
identification_t *id;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
message->add_payload(message, &id_payload->payload_interface);
@@ -344,6 +339,7 @@ METHOD(task_t, build_i, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -445,6 +441,7 @@ METHOD(task_t, process_r, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDii payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, INVALID_PAYLOAD_TYPE);
}
id = id_payload->get_identification(id_payload);
@@ -457,6 +454,7 @@ METHOD(task_t, process_r, status_t,
this->method, FALSE, id);
if (!this->peer_cfg)
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
@@ -472,6 +470,7 @@ METHOD(task_t, process_r, status_t,
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
"cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -523,11 +522,6 @@ METHOD(task_t, build_r, status_t,
xauth_t *xauth = NULL;
id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE);
- if (!id)
- {
- DBG1(DBG_CFG, "own identity not known");
- return send_notify(this, INVALID_ID_INFORMATION);
- }
this->ike_sa->set_my_id(this->ike_sa, id->clone(id));
id_payload = id_payload_create_from_identification(PLV1_ID, id);
@@ -536,6 +530,7 @@ METHOD(task_t, build_r, status_t,
if (!this->ph1->build_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
@@ -562,6 +557,7 @@ METHOD(task_t, build_r, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_notify(this, AUTHENTICATION_FAILED);
}
job = adopt_children_job_create(
@@ -688,6 +684,7 @@ METHOD(task_t, process_i, status_t,
if (!id_payload)
{
DBG1(DBG_IKE, "IDir payload missing");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
id = id_payload->get_identification(id_payload);
@@ -696,6 +693,7 @@ METHOD(task_t, process_i, status_t,
{
DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid);
id->destroy(id);
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
this->ike_sa->set_other_id(this->ike_sa, id);
@@ -703,12 +701,14 @@ METHOD(task_t, process_i, status_t,
if (!this->ph1->verify_auth(this->ph1, this->method, message,
id_payload->get_encoded(id_payload)))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
if (!charon->bus->authorize(charon->bus, FALSE))
{
DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, "
"cancelling");
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
@@ -736,6 +736,7 @@ METHOD(task_t, process_i, status_t,
}
if (!establish(this))
{
+ charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
return send_delete(this);
}
break;
diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c
index 43897c304..9b692588d 100644
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@@ -583,7 +583,6 @@ static status_t build_ack(private_mode_config_t *this, message_t *message)
enumerator = this->vips->create_enumerator(this->vips);
while (enumerator->enumerate(enumerator, &host))
{
- type = INTERNAL_IP6_ADDRESS;
if (host->get_family(host) == AF_INET6)
{
type = INTERNAL_IP6_ADDRESS;
diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
index 5e5b61e7f..007e94d96 100644
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local,
hosts = get_dynamic_hosts(this->ike_sa, local);
list = this->config->get_traffic_selectors(this->config,
- local, supplied, hosts);
+ local, supplied, hosts, TRUE);
hosts->destroy(hosts);
if (list->get_first(list, (void**)&ts) == SUCCESS)
{
diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c
index 968b4386c..bec2cfe7d 100644
--- a/src/libcharon/sa/ikev1/tasks/xauth.c
+++ b/src/libcharon/sa/ikev1/tasks/xauth.c
@@ -226,7 +226,7 @@ static bool select_compliant_config(private_xauth_t *this)
{ /* current config is fine */
return TRUE;
}
- DBG1(DBG_CFG, "selected peer config '%s' inacceptable",
+ DBG1(DBG_CFG, "selected peer config '%s' unacceptable",
old->get_name(old));
aggressive = old->use_aggressive(old);
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index bcf262725..e1e6cd7ee 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2006-2009 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -65,6 +65,16 @@ struct private_eap_authenticator_t {
char reserved[3];
/**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
+
+ /**
* Current EAP method processing
*/
eap_method_t *method;
@@ -444,6 +454,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
chunk_t nonce, chunk_t init)
{
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
chunk_t auth_data, recv_auth_data;
identification_t *other_id;
auth_cfg_t *auth;
@@ -458,14 +469,26 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
DBG1(DBG_IKE, "AUTH payload missing");
return FALSE;
}
+ recv_auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ recv_auth_data = notify->get_notification_data(notify);
+ }
+ }
+
other_id = this->ike_sa->get_other_id(this->ike_sa);
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
- if (!keymat->get_psk_sig(keymat, TRUE, init, nonce,
- this->msk, other_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->msk, this->ppk,
+ other_id, this->reserved, &auth_data))
{
return FALSE;
}
- recv_auth_data = auth_payload->get_data(auth_payload);
if (!auth_data.len || !chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "verification of AUTH payload with%s EAP MSK failed",
@@ -507,8 +530,8 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_class_names, AUTH_CLASS_EAP);
- if (!keymat->get_psk_sig(keymat, FALSE, init, nonce,
- this->msk, my_id, this->reserved, &auth_data))
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, this->ppk,
+ my_id, this->reserved, &auth_data))
{
return FALSE;
}
@@ -517,6 +540,18 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message,
auth_payload->set_data(auth_payload, auth_data);
message->add_payload(message, (payload_t*)auth_payload);
chunk_free(&auth_data);
+
+ if (this->no_ppk_auth)
+ {
+ if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk,
+ chunk_empty, my_id, this->reserved, &auth_data))
+ {
+ DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
+ return FALSE;
+ }
+ message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data);
+ chunk_free(&auth_data);
+ }
return TRUE;
}
@@ -698,6 +733,13 @@ METHOD(authenticator_t, is_mutual, bool,
return TRUE;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_eap_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_eap_authenticator_t *this)
{
@@ -723,6 +765,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build_client,
.process = _process_client,
+ .use_ppk = _use_ppk,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
@@ -753,6 +796,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = _build_server,
.process = _process_server,
+ .use_ppk = _use_ppk,
.is_mutual = _is_mutual,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index c1decb130..76571e702 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -51,6 +52,16 @@ struct private_psk_authenticator_t {
* Reserved bytes of ID payload
*/
char reserved[3];
+
+ /**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
};
METHOD(authenticator_t, build, status_t,
@@ -68,18 +79,19 @@ METHOD(authenticator_t, build, status_t,
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N",
my_id, auth_method_names, AUTH_PSK);
key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id);
- if (key == NULL)
+ if (!key)
{
DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id);
return NOT_FOUND;
}
if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
- key->get_key(key), my_id, this->reserved, &auth_data))
+ key->get_key(key), this->ppk, my_id,
+ this->reserved, &auth_data))
{
key->destroy(key);
return FAILED;
}
- key->destroy(key);
+
DBG2(DBG_IKE, "successfully created shared key MAC");
auth_payload = auth_payload_create();
auth_payload->set_auth_method(auth_payload, AUTH_PSK);
@@ -87,6 +99,21 @@ METHOD(authenticator_t, build, status_t,
chunk_free(&auth_data);
message->add_payload(message, (payload_t*)auth_payload);
+ if (this->no_ppk_auth)
+ {
+ if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce,
+ key->get_key(key), chunk_empty, my_id,
+ this->reserved, &auth_data))
+ {
+ DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify");
+ key->destroy(key);
+ return SUCCESS;
+ }
+ DBG2(DBG_IKE, "successfully created shared key MAC without PPK");
+ message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data);
+ chunk_free(&auth_data);
+ }
+ key->destroy(key);
return SUCCESS;
}
@@ -96,6 +123,7 @@ METHOD(authenticator_t, process, status_t,
chunk_t auth_data, recv_auth_data;
identification_t *my_id, *other_id;
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
auth_cfg_t *auth;
shared_key_t *key;
enumerator_t *enumerator;
@@ -108,8 +136,20 @@ METHOD(authenticator_t, process, status_t,
{
return FAILED;
}
- keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
recv_auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ recv_auth_data = notify->get_notification_data(notify);
+ }
+ }
+
+ keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
@@ -119,7 +159,8 @@ METHOD(authenticator_t, process, status_t,
keys_found++;
if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce,
- key->get_key(key), other_id, this->reserved, &auth_data))
+ key->get_key(key), this->ppk, other_id,
+ this->reserved, &auth_data))
{
continue;
}
@@ -150,6 +191,13 @@ METHOD(authenticator_t, process, status_t,
return SUCCESS;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_psk_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_psk_authenticator_t *this)
{
@@ -170,6 +218,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build,
.process = (void*)return_failed,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@@ -197,6 +246,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = (void*)return_failed,
.process = _process,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index 652b837fe..1fcef03cc 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -56,6 +56,16 @@ struct private_pubkey_authenticator_t {
* Reserved bytes of ID payload
*/
char reserved[3];
+
+ /**
+ * PPK to use
+ */
+ chunk_t ppk;
+
+ /**
+ * Add a NO_PPK_AUTH notify
+ */
+ bool no_ppk_auth;
};
/**
@@ -204,17 +214,42 @@ CALLBACK(destroy_scheme, void,
}
/**
+ * Adds the given auth data to the message, either in an AUTH payload or
+ * a NO_PPK_AUTH notify.
+ *
+ * The data is freed.
+ */
+static void add_auth_to_message(message_t *message, auth_method_t method,
+ chunk_t data, bool notify)
+{
+ auth_payload_t *auth_payload;
+
+ if (notify)
+ {
+ message->add_notify(message, FALSE, NO_PPK_AUTH, data);
+ }
+ else
+ {
+ auth_payload = auth_payload_create();
+ auth_payload->set_auth_method(auth_payload, method);
+ auth_payload->set_data(auth_payload, data);
+ message->add_payload(message, (payload_t*)auth_payload);
+ }
+ chunk_free(&data);
+}
+
+/**
* Create a signature using RFC 7427 signature authentication
*/
static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
- auth_cfg_t *auth, private_key_t *private,
- identification_t *id, chunk_t *auth_data)
+ auth_cfg_t *auth, private_key_t *private,
+ identification_t *id, message_t *message)
{
enumerator_t *enumerator;
keymat_v2_t *keymat;
signature_params_t *params = NULL;
array_t *schemes;
- chunk_t octets = chunk_empty;
+ chunk_t octets = chunk_empty, auth_data;
status_t status = FAILED;
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
@@ -227,26 +262,46 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
return FAILED;
}
- if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
- this->nonce, id, this->reserved, &octets,
- schemes))
+ if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce,
+ this->ppk, id, this->reserved, &octets, schemes))
{
enumerator = array_create_enumerator(schemes);
while (enumerator->enumerate(enumerator, &params))
{
- if (private->sign(private, params->scheme, params->params, octets,
- auth_data) &&
- build_signature_auth_data(auth_data, params))
- {
- status = SUCCESS;
- break;
- }
- else
+ if (!private->sign(private, params->scheme, params->params, octets,
+ &auth_data) ||
+ !build_signature_auth_data(&auth_data, params))
{
DBG2(DBG_IKE, "unable to create %N signature for %N key",
signature_scheme_names, params->scheme, key_type_names,
private->get_type(private));
+ continue;
}
+ add_auth_to_message(message, AUTH_DS, auth_data, FALSE);
+ status = SUCCESS;
+
+ if (this->no_ppk_auth)
+ {
+ chunk_free(&octets);
+
+ if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init,
+ this->nonce, chunk_empty, id,
+ this->reserved, &octets, schemes) &&
+ private->sign(private, params->scheme, params->params,
+ octets, &auth_data) &&
+ build_signature_auth_data(&auth_data, params))
+ {
+ add_auth_to_message(message, AUTH_DS, auth_data, TRUE);
+ }
+ else
+ {
+ DBG2(DBG_IKE, "unable to create %N signature for %N key "
+ "without PPK", signature_scheme_names, params->scheme,
+ key_type_names, private->get_type(private));
+ status = FAILED;
+ }
+ }
+ break;
}
enumerator->destroy(enumerator);
}
@@ -281,8 +336,8 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this,
* keymat).
*/
static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
- bool verify, identification_t *id,
- chunk_t *octets, signature_params_t **scheme)
+ bool verify, identification_t *id, chunk_t ppk,
+ chunk_t *octets, signature_params_t **scheme)
{
keymat_v2_t *keymat;
array_t *schemes;
@@ -293,7 +348,8 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce,
- id, this->reserved, octets, schemes) &&
+ ppk, id, this->reserved, octets,
+ schemes) &&
array_remove(schemes, 0, scheme))
{
success = TRUE;
@@ -311,19 +367,19 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this,
*/
static status_t sign_classic(private_pubkey_authenticator_t *this,
auth_cfg_t *auth, private_key_t *private,
- identification_t *id, auth_method_t *auth_method,
- chunk_t *auth_data)
+ identification_t *id, message_t *message)
{
signature_scheme_t scheme;
signature_params_t *params;
- chunk_t octets = chunk_empty;
+ auth_method_t auth_method = AUTH_NONE;
+ chunk_t octets = chunk_empty, auth_data;
status_t status = FAILED;
switch (private->get_type(private))
{
case KEY_RSA:
scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- *auth_method = AUTH_RSA;
+ auth_method = AUTH_RSA;
break;
case KEY_ECDSA:
/* deduct the signature scheme from the keysize */
@@ -331,15 +387,15 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
{
case 256:
scheme = SIGN_ECDSA_256;
- *auth_method = AUTH_ECDSA_256;
+ auth_method = AUTH_ECDSA_256;
break;
case 384:
scheme = SIGN_ECDSA_384;
- *auth_method = AUTH_ECDSA_384;
+ auth_method = AUTH_ECDSA_384;
break;
case 521:
scheme = SIGN_ECDSA_521;
- *auth_method = AUTH_ECDSA_521;
+ auth_method = AUTH_ECDSA_521;
break;
default:
DBG1(DBG_IKE, "%d bit ECDSA private key size not supported",
@@ -356,17 +412,34 @@ static status_t sign_classic(private_pubkey_authenticator_t *this,
INIT(params,
.scheme = scheme,
);
- if (get_auth_octets_scheme(this, FALSE, id, &octets, &params) &&
- private->sign(private, params->scheme, NULL, octets, auth_data))
+ if (get_auth_octets_scheme(this, FALSE, id, this->ppk, &octets, &params) &&
+ private->sign(private, params->scheme, NULL, octets, &auth_data))
{
+ add_auth_to_message(message, auth_method, auth_data, FALSE);
status = SUCCESS;
+
+ if (this->no_ppk_auth)
+ {
+ chunk_free(&octets);
+ if (get_auth_octets_scheme(this, FALSE, id, chunk_empty, &octets,
+ &params) &&
+ private->sign(private, params->scheme, NULL, octets,
+ &auth_data))
+ {
+ add_auth_to_message(message, auth_method, auth_data, TRUE);
+ }
+ else
+ {
+ status = FAILED;
+ }
+ }
}
if (params)
{
signature_params_destroy(params);
}
DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id,
- auth_method_names, *auth_method,
+ auth_method_names, auth_method,
status == SUCCESS ? "successful" : "failed");
chunk_free(&octets);
return status;
@@ -378,10 +451,7 @@ METHOD(authenticator_t, build, status_t,
private_key_t *private;
identification_t *id;
auth_cfg_t *auth;
- chunk_t auth_data;
status_t status;
- auth_payload_t *auth_payload;
- auth_method_t auth_method = AUTH_NONE;
id = this->ike_sa->get_my_id(this->ike_sa);
auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE);
@@ -394,24 +464,13 @@ METHOD(authenticator_t, build, status_t,
if (this->ike_sa->supports_extension(this->ike_sa, EXT_SIGNATURE_AUTH))
{
- auth_method = AUTH_DS;
- status = sign_signature_auth(this, auth, private, id, &auth_data);
+ status = sign_signature_auth(this, auth, private, id, message);
}
else
{
- status = sign_classic(this, auth, private, id, &auth_method,
- &auth_data);
+ status = sign_classic(this, auth, private, id, message);
}
private->destroy(private);
-
- if (status == SUCCESS)
- {
- auth_payload = auth_payload_create();
- auth_payload->set_auth_method(auth_payload, auth_method);
- auth_payload->set_data(auth_payload, auth_data);
- chunk_free(&auth_data);
- message->add_payload(message, (payload_t*)auth_payload);
- }
return status;
}
@@ -444,6 +503,7 @@ METHOD(authenticator_t, process, status_t,
public_key_t *public;
auth_method_t auth_method;
auth_payload_t *auth_payload;
+ notify_payload_t *notify;
chunk_t auth_data, octets;
identification_t *id;
auth_cfg_t *auth, *current_auth;
@@ -459,9 +519,21 @@ METHOD(authenticator_t, process, status_t,
{
return FAILED;
}
- INIT(params);
auth_method = auth_payload->get_auth_method(auth_payload);
auth_data = auth_payload->get_data(auth_payload);
+
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) &&
+ !this->ppk.ptr)
+ { /* look for a NO_PPK_AUTH notify if we have no PPK */
+ notify = message->get_notify(message, NO_PPK_AUTH);
+ if (notify)
+ {
+ DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify");
+ auth_data = notify->get_notification_data(notify);
+ }
+ }
+
+ INIT(params);
switch (auth_method)
{
case AUTH_RSA:
@@ -491,7 +563,7 @@ METHOD(authenticator_t, process, status_t,
return INVALID_ARG;
}
id = this->ike_sa->get_other_id(this->ike_sa);
- if (!get_auth_octets_scheme(this, TRUE, id, &octets, &params))
+ if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, &params))
{
return FAILED;
}
@@ -551,6 +623,13 @@ METHOD(authenticator_t, process, status_t,
return status;
}
+METHOD(authenticator_t, use_ppk, void,
+ private_pubkey_authenticator_t *this, chunk_t ppk, bool no_ppk_auth)
+{
+ this->ppk = ppk;
+ this->no_ppk_auth = no_ppk_auth;
+}
+
METHOD(authenticator_t, destroy, void,
private_pubkey_authenticator_t *this)
{
@@ -571,6 +650,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa,
.authenticator = {
.build = _build,
.process = (void*)return_failed,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
@@ -598,6 +678,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa,
.authenticator = {
.build = (void*)return_failed,
.process = _process,
+ .use_ppk = _use_ppk,
.is_mutual = (void*)return_false,
.destroy = _destroy,
},
diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c
index f8b23b66e..db46b816b 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.c
+++ b/src/libcharon/sa/ikev2/keymat_v2.c
@@ -491,6 +491,93 @@ failure:
return this->skp_build.len && this->skp_verify.len;
}
+/**
+ * Derives a key from the given key and a PRF that was initialized with a PPK
+ */
+static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key,
+ chunk_t *new_key)
+{
+ prf_plus_t *prf_plus;
+
+ prf_plus = prf_plus_create(prf, TRUE, key);
+ if (!prf_plus ||
+ !prf_plus->allocate_bytes(prf_plus, key.len, new_key))
+ {
+ DBG1(DBG_IKE, "unable to derive %s with PPK", name);
+ DESTROY_IF(prf_plus);
+ return FALSE;
+ }
+ prf_plus->destroy(prf_plus);
+ return TRUE;
+}
+
+/**
+ * Use the given PPK to derive a new SK_pi/r
+ */
+static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp,
+ chunk_t *new_skp)
+{
+ if (!this->prf->set_key(this->prf, ppk))
+ {
+ DBG1(DBG_IKE, "unable to set PPK in PRF");
+ return FALSE;
+ }
+ return derive_ppk_key(this->prf, "SK_p", skp, new_skp);
+}
+
+METHOD(keymat_v2_t, derive_ike_keys_ppk, bool,
+ private_keymat_v2_t *this, chunk_t ppk)
+{
+ chunk_t skd = chunk_empty, new_skpi = chunk_empty, new_skpr = chunk_empty;
+ chunk_t *skpi, *skpr;
+
+ if (!this->skd.ptr)
+ {
+ return FALSE;
+ }
+
+ if (this->initiator)
+ {
+ skpi = &this->skp_build;
+ skpr = &this->skp_verify;
+ }
+ else
+ {
+ skpi = &this->skp_verify;
+ skpr = &this->skp_build;
+ }
+
+ DBG4(DBG_IKE, "derive keys using PPK %B", &ppk);
+
+ if (!this->prf->set_key(this->prf, ppk))
+ {
+ DBG1(DBG_IKE, "unable to set PPK in PRF");
+ return FALSE;
+ }
+ if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) ||
+ !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) ||
+ !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr))
+ {
+ chunk_clear(&skd);
+ chunk_clear(&new_skpi);
+ chunk_clear(&new_skpr);
+ return FALSE;
+ }
+
+ DBG4(DBG_IKE, "Sk_d secret %B", &skd);
+ chunk_clear(&this->skd);
+ this->skd = skd;
+
+ DBG4(DBG_IKE, "Sk_pi secret %B", &new_skpi);
+ chunk_clear(skpi);
+ *skpi = new_skpi;
+
+ DBG4(DBG_IKE, "Sk_pr secret %B", &new_skpr);
+ chunk_clear(skpr);
+ *skpr = new_skpr;
+ return TRUE;
+}
+
METHOD(keymat_v2_t, derive_child_keys, bool,
private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh,
chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i,
@@ -632,13 +719,23 @@ METHOD(keymat_t, get_aead, aead_t*,
METHOD(keymat_v2_t, get_auth_octets, bool,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets,
- array_t *schemes)
+ chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *octets, array_t *schemes)
{
chunk_t chunk, idx;
+ chunk_t skp_ppk = chunk_empty;
chunk_t skp;
skp = verify ? this->skp_verify : this->skp_build;
+ if (ppk.ptr)
+ {
+ DBG4(DBG_IKE, "PPK %B", &ppk);
+ if (!derive_skp_ppk(this, ppk, skp, &skp_ppk))
+ {
+ return FALSE;
+ }
+ skp = skp_ppk;
+ }
chunk = chunk_alloca(4);
chunk.ptr[0] = id->get_type(id);
@@ -650,8 +747,10 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
if (!this->prf->set_key(this->prf, skp) ||
!this->prf->allocate_bytes(this->prf, idx, &chunk))
{
+ chunk_clear(&skp_ppk);
return FALSE;
}
+ chunk_clear(&skp_ppk);
*octets = chunk_cat("ccm", ike_sa_init, nonce, chunk);
DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets);
return TRUE;
@@ -665,41 +764,53 @@ METHOD(keymat_v2_t, get_auth_octets, bool,
METHOD(keymat_v2_t, get_psk_sig, bool,
private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce,
- chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig)
+ chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3],
+ chunk_t *sig)
{
- chunk_t key_pad, key, octets;
+ chunk_t skp_ppk = chunk_empty, key = chunk_empty, octets = chunk_empty;
+ chunk_t key_pad;
+ bool success = FALSE;
if (!secret.len)
{ /* EAP uses SK_p if no MSK has been established */
secret = verify ? this->skp_verify : this->skp_build;
+ if (ppk.ptr)
+ {
+ if (!derive_skp_ppk(this, ppk, secret, &skp_ppk))
+ {
+ return FALSE;
+ }
+ secret = skp_ppk;
+ }
}
- if (!get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved,
+ if (!get_auth_octets(this, verify, ike_sa_init, nonce, ppk, id, reserved,
&octets, NULL))
{
- return FALSE;
+ goto failure;
}
/* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH);
if (!this->prf->set_key(this->prf, secret) ||
!this->prf->allocate_bytes(this->prf, key_pad, &key))
{
- chunk_free(&octets);
- return FALSE;
+ goto failure;
}
if (!this->prf->set_key(this->prf, key) ||
!this->prf->allocate_bytes(this->prf, octets, sig))
{
- chunk_free(&key);
- chunk_free(&octets);
- return FALSE;
+ goto failure;
}
DBG4(DBG_IKE, "secret %B", &secret);
DBG4(DBG_IKE, "prf(secret, keypad) %B", &key);
DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig);
+ success = TRUE;
+
+failure:
+ chunk_clear(&skp_ppk);
chunk_free(&octets);
chunk_free(&key);
+ return success;
- return TRUE;
}
METHOD(keymat_v2_t, hash_algorithm_supported, bool,
@@ -752,6 +863,7 @@ keymat_v2_t *keymat_v2_create(bool initiator)
.destroy = _destroy,
},
.derive_ike_keys = _derive_ike_keys,
+ .derive_ike_keys_ppk = _derive_ike_keys_ppk,
.derive_child_keys = _derive_child_keys,
.get_skd = _get_skd,
.get_auth_octets = _get_auth_octets,
diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h
index 5dc9cda38..3cc071aeb 100644
--- a/src/libcharon/sa/ikev2/keymat_v2.h
+++ b/src/libcharon/sa/ikev2/keymat_v2.h
@@ -58,6 +58,16 @@ struct keymat_v2_t {
chunk_t rekey_skd);
/**
+ * Derive SK_d, SK_pi and SK_pr after authentication using the given
+ * Postquantum Preshared Key and the previous values of these keys that
+ * were derived by derive_ike_keys().
+ *
+ * @param ppk the postquantum preshared key
+ * @return TRUE on success
+ */
+ bool (*derive_ike_keys_ppk)(keymat_v2_t *this, chunk_t ppk);
+
+ /**
* Derive keys for a CHILD_SA.
*
* The keys for the CHILD_SA are allocated in the integ and encr chunks.
@@ -95,9 +105,10 @@ struct keymat_v2_t {
* key. PSK and EAP authentication include a secret into the data, use
* the get_psk_sig() method instead.
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param octests chunk receiving allocated auth octets
@@ -107,7 +118,7 @@ struct keymat_v2_t {
* @return TRUE if octets created successfully
*/
bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, identification_t *id,
+ chunk_t nonce, chunk_t ppk, identification_t *id,
char reserved[3], chunk_t *octets,
array_t *schemes);
/**
@@ -117,17 +128,18 @@ struct keymat_v2_t {
* includes the secret into the signature. If no secret is given, SK_p is
* used as secret (used for EAP methods without MSK).
*
- * @param verify TRUE to create for verfification, FALSE to sign
+ * @param verify TRUE to create for verification, FALSE to sign
* @param ike_sa_init encoded ike_sa_init message
* @param nonce nonce value
* @param secret optional secret to include into signature
+ * @param ppk optional postquantum preshared key
* @param id identity
* @param reserved reserved bytes of id_payload
* @param sign chunk receiving allocated signature octets
* @return TRUE if signature created successfully
*/
bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init,
- chunk_t nonce, chunk_t secret,
+ chunk_t nonce, chunk_t secret, chunk_t ppk,
identification_t *id, char reserved[3], chunk_t *sig);
/**
diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
index fff567233..910c77a2d 100644
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@@ -109,7 +109,7 @@ struct private_task_manager_t {
array_t *packets;
/**
- * type of the initated exchange
+ * type of the initiated exchange
*/
exchange_type_t type;
@@ -1946,8 +1946,7 @@ METHOD(task_manager_t, queue_dpd, void,
{
ike_mobike_t *mobike;
- if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) &&
- this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
+ if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE))
{
#ifdef ME
peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c
index c90af23b9..c7eb0c854 100644
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@@ -481,12 +481,14 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local,
this->ike_sa->has_condition(this->ike_sa, cond))
{
nat = get_transport_nat_ts(this, local, in);
- ts = this->config->get_traffic_selectors(this->config, local, nat, hosts);
+ ts = this->config->get_traffic_selectors(this->config, local, nat,
+ hosts, TRUE);
nat->destroy_offset(nat, offsetof(traffic_selector_t, destroy));
}
else
{
- ts = this->config->get_traffic_selectors(this->config, local, in, hosts);
+ ts = this->config->get_traffic_selectors(this->config, local, in,
+ hosts, TRUE);
}
hosts->destroy(hosts);
@@ -497,8 +499,8 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local,
/**
* Install a CHILD_SA for usage, return value:
* - FAILED: no acceptable proposal
- * - INVALID_ARG: diffie hellman group inacceptable
- * - NOT_FOUND: TS inacceptable
+ * - INVALID_ARG: diffie hellman group unacceptable
+ * - NOT_FOUND: TS unacceptable
*/
static status_t select_and_install(private_child_create_t *this,
bool no_dh, bool ike_auth)
@@ -559,7 +561,7 @@ static status_t select_and_install(private_child_create_t *this,
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
+ DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
diffie_hellman_group_names, this->dh_group,
diffie_hellman_group_names, group);
this->dh_group = group;
@@ -1075,7 +1077,7 @@ METHOD(task_t, build_i, status_t,
if (list->get_count(list))
{
this->tsi = this->config->get_traffic_selectors(this->config,
- TRUE, NULL, list);
+ TRUE, NULL, list, TRUE);
list->destroy_offset(list, offsetof(host_t, destroy));
}
else
@@ -1083,12 +1085,12 @@ METHOD(task_t, build_i, status_t,
list->destroy(list);
list = get_dynamic_hosts(this->ike_sa, TRUE);
this->tsi = this->config->get_traffic_selectors(this->config,
- TRUE, NULL, list);
+ TRUE, NULL, list, TRUE);
list->destroy(list);
}
list = get_dynamic_hosts(this->ike_sa, FALSE);
this->tsr = this->config->get_traffic_selectors(this->config,
- FALSE, NULL, list);
+ FALSE, NULL, list, TRUE);
list->destroy(list);
if (this->packet_tsi)
@@ -1356,7 +1358,7 @@ METHOD(task_t, build_r, status_t,
}
if (this->config == NULL)
{
- DBG1(DBG_IKE, "traffic selectors %#R === %#R inacceptable",
+ DBG1(DBG_IKE, "traffic selectors %#R === %#R unacceptable",
this->tsr, this->tsi);
charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr);
message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c
index 6b63197d5..b055ff064 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2015 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -24,6 +24,7 @@
#include <encoding/payloads/auth_payload.h>
#include <encoding/payloads/eap_payload.h>
#include <encoding/payloads/nonce_payload.h>
+#include <sa/ikev2/keymat_v2.h>
#include <sa/ikev2/authenticators/eap_authenticator.h>
#include <processing/jobs/delete_ike_sa_job.h>
@@ -60,6 +61,16 @@ struct private_ike_auth_t {
chunk_t other_nonce;
/**
+ * PPK_ID sent or received
+ */
+ identification_t *ppk_id;
+
+ /**
+ * Optional PPK to use
+ */
+ chunk_t ppk;
+
+ /**
* IKE_SA_INIT message sent by us
*/
packet_t *my_packet;
@@ -144,7 +155,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this,
/* get the nonce that was generated in ike_init */
nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE);
- if (nonce == NULL)
+ if (!nonce)
{
return FAILED;
}
@@ -170,7 +181,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this,
/* get the nonce that was generated in ike_init */
nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE);
- if (nonce == NULL)
+ if (!nonce)
{
return FAILED;
}
@@ -279,19 +290,47 @@ static bool do_another_auth(private_ike_auth_t *this)
}
/**
+ * Check if this is the first authentication round
+ */
+static bool is_first_round(private_ike_auth_t *this, bool local)
+{
+ enumerator_t *done;
+ auth_cfg_t *cfg;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH))
+ {
+ return TRUE;
+ }
+
+ done = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, local);
+ if (done->enumerate(done, &cfg))
+ {
+ done->destroy(done);
+ return FALSE;
+ }
+ done->destroy(done);
+ return TRUE;
+}
+
+/**
* Get peer configuration candidates from backends
*/
static bool load_cfg_candidates(private_ike_auth_t *this)
{
enumerator_t *enumerator;
peer_cfg_t *peer_cfg;
+ ike_cfg_t *ike_cfg;
host_t *me, *other;
identification_t *my_id, *other_id;
+ proposal_t *ike_proposal;
+ bool private;
me = this->ike_sa->get_my_host(this->ike_sa);
other = this->ike_sa->get_other_host(this->ike_sa);
my_id = this->ike_sa->get_my_id(this->ike_sa);
other_id = this->ike_sa->get_other_id(this->ike_sa);
+ ike_proposal = this->ike_sa->get_proposal(this->ike_sa);
+ private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]",
me, my_id, other, other_id);
@@ -299,11 +338,18 @@ static bool load_cfg_candidates(private_ike_auth_t *this)
me, other, my_id, other_id, IKEV2);
while (enumerator->enumerate(enumerator, &peer_cfg))
{
+ /* ignore all configs that have no matching IKE proposal */
+ ike_cfg = peer_cfg->get_ike_cfg(peer_cfg);
+ if (!ike_cfg->has_proposal(ike_cfg, ike_proposal, private))
+ {
+ DBG2(DBG_CFG, "ignore candidate '%s' without matching IKE proposal",
+ peer_cfg->get_name(peer_cfg));
+ continue;
+ }
peer_cfg->get_ref(peer_cfg);
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{ /* best match */
this->peer_cfg = peer_cfg;
- this->ike_sa->set_peer_cfg(this->ike_sa, peer_cfg);
}
else
{
@@ -313,6 +359,7 @@ static bool load_cfg_candidates(private_ike_auth_t *this)
enumerator->destroy(enumerator);
if (this->peer_cfg)
{
+ this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg);
DBG1(DBG_CFG, "selected peer config '%s'",
this->peer_cfg->get_name(this->peer_cfg));
return TRUE;
@@ -369,7 +416,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict)
{
break;
}
- DBG1(DBG_CFG, "selected peer config '%s' inacceptable: %s",
+ DBG1(DBG_CFG, "selected peer config '%s' unacceptable: %s",
this->peer_cfg->get_name(this->peer_cfg), comply_error);
this->peer_cfg->destroy(this->peer_cfg);
}
@@ -391,6 +438,149 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict)
return this->peer_cfg != NULL;
}
+/**
+ * Currently defined PPK_ID types
+ */
+#define PPK_ID_OPAQUE 1
+#define PPK_ID_FIXED 2
+
+/**
+ * Parse the payload data of the given PPK_IDENTITY notify
+ */
+static bool parse_ppk_identity(notify_payload_t *notify, identification_t **id)
+{
+ chunk_t data;
+
+ data = notify->get_notification_data(notify);
+ if (data.len < 2)
+ {
+ return FALSE;
+ }
+ switch (data.ptr[0])
+ {
+ case PPK_ID_FIXED:
+ data = chunk_skip(data, 1);
+ break;
+ default:
+ return FALSE;
+ }
+ *id = identification_create_from_data(data);
+ return TRUE;
+}
+
+/**
+ * Add a PPK_IDENTITY with the given PPK_ID to the given message
+ */
+static void add_ppk_identity(identification_t *id, message_t *msg)
+{
+ chunk_t data;
+ uint8_t type = PPK_ID_FIXED;
+
+ /* we currently only support one type */
+ data = chunk_cata("cc", chunk_from_thing(type), id->get_encoding(id));
+ msg->add_notify(msg, FALSE, PPK_IDENTITY, data);
+}
+
+/**
+ * Use the given PPK_ID to find a PPK and store it and the ID in the task
+ */
+static bool get_ppk(private_ike_auth_t *this, identification_t *ppk_id)
+{
+ shared_key_t *key;
+
+ key = lib->credmgr->get_shared(lib->credmgr, SHARED_PPK, ppk_id, NULL);
+ if (!key)
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK found for '%Y'", ppk_id);
+ return FALSE;
+ }
+ DBG1(DBG_CFG, "no PPK for '%Y' found, ignored because PPK is not "
+ "required", ppk_id);
+ return TRUE;
+ }
+ this->ppk = chunk_clone(key->get_key(key));
+ this->ppk_id = ppk_id->clone(ppk_id);
+ key->destroy(key);
+ return TRUE;
+}
+
+/**
+ * Check if we have a PPK available and, if not, whether we require one as
+ * initiator
+ */
+static bool get_ppk_i(private_ike_auth_t *this)
+{
+ identification_t *ppk_id;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but peer does not support PPK");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ ppk_id = this->peer_cfg->get_ppk_id(this->peer_cfg);
+ if (!ppk_id)
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK_ID configured");
+ return FALSE;
+ }
+ return TRUE;
+ }
+ return get_ppk(this, ppk_id);
+}
+
+/**
+ * Check if we have a PPK available and if not whether we require one as
+ * responder
+ */
+static bool get_ppk_r(private_ike_auth_t *this, message_t *msg)
+{
+ notify_payload_t *notify;
+ identification_t *ppk_id, *ppk_id_cfg;
+ bool result;
+
+ if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but peer does not support PPK");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ notify = msg->get_notify(msg, PPK_IDENTITY);
+ if (!notify || !parse_ppk_identity(notify, &ppk_id))
+ {
+ if (this->peer_cfg->ppk_required(this->peer_cfg))
+ {
+ DBG1(DBG_CFG, "PPK required but no PPK_IDENTITY received");
+ return FALSE;
+ }
+ return TRUE;
+ }
+
+ ppk_id_cfg = this->peer_cfg->get_ppk_id(this->peer_cfg);
+ if (ppk_id_cfg && !ppk_id->matches(ppk_id, ppk_id_cfg))
+ {
+ DBG1(DBG_CFG, "received PPK_ID '%Y', but require '%Y'", ppk_id,
+ ppk_id_cfg);
+ ppk_id->destroy(ppk_id);
+ return FALSE;
+ }
+ result = get_ppk(this, ppk_id);
+ ppk_id->destroy(ppk_id);
+ return result;
+}
+
METHOD(task_t, build_i, status_t,
private_ike_auth_t *this, message_t *message)
{
@@ -401,7 +591,7 @@ METHOD(task_t, build_i, status_t,
return collect_my_init_data(this, message);
}
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{
this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
this->peer_cfg->get_ref(this->peer_cfg);
@@ -420,6 +610,12 @@ METHOD(task_t, build_i, status_t,
/* indicate support for RFC 6311 Message ID synchronization */
message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED,
chunk_empty);
+ /* only use a PPK in the first round */
+ if (!get_ppk_i(this))
+ {
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+ return FAILED;
+ }
}
if (!this->do_another_auth && !this->my_auth)
@@ -428,7 +624,7 @@ METHOD(task_t, build_i, status_t,
}
/* check if an authenticator is in progress */
- if (this->my_auth == NULL)
+ if (!this->my_auth)
{
identification_t *idi, *idr = NULL;
id_payload_t *id_payload;
@@ -495,6 +691,14 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
}
+ /* for authentication methods that return NEED_MORE, the PPK will be reset
+ * in process_i() for messages without PPK_ID notify, so we always set it
+ * during the first round (afterwards the PPK won't be available) */
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth, this->ppk,
+ !this->peer_cfg->ppk_required(this->peer_cfg));
+ }
switch (this->my_auth->build(this->my_auth, message))
{
case SUCCESS:
@@ -509,6 +713,12 @@ METHOD(task_t, build_i, status_t,
return FAILED;
}
+ /* add a PPK_IDENTITY notify to the message that contains AUTH */
+ if (this->ppk_id && message->get_payload(message, PLV2_AUTH))
+ {
+ add_ppk_identity(this->ppk_id, message);
+ }
+
/* check for additional authentication rounds */
if (do_another_auth(this))
{
@@ -536,7 +746,7 @@ METHOD(task_t, process_r, status_t,
return collect_other_init_data(this, message);
}
- if (this->my_auth == NULL && this->do_another_auth)
+ if (!this->my_auth && this->do_another_auth)
{
/* handle (optional) IDr payload, apply proposed identity */
id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER);
@@ -573,7 +783,7 @@ METHOD(task_t, process_r, status_t,
}
}
- if (this->other_auth == NULL)
+ if (!this->other_auth)
{
/* handle IDi payload */
id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR);
@@ -588,7 +798,7 @@ METHOD(task_t, process_r, status_t,
cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE);
cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id));
- if (this->peer_cfg == NULL)
+ if (!this->peer_cfg)
{
if (!load_cfg_candidates(this))
{
@@ -596,14 +806,14 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
}
- if (message->get_payload(message, PLV2_AUTH) == NULL)
+ if (!message->get_payload(message, PLV2_AUTH))
{ /* before authenticating with EAP, we need a EAP config */
cand = get_auth_cfg(this, FALSE);
while (!cand || (
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_TYPE) == EAP_NAK &&
(uintptr_t)cand->get(cand, AUTH_RULE_EAP_VENDOR) == 0))
{ /* peer requested EAP, but current config does not match */
- DBG1(DBG_IKE, "peer requested EAP, config inacceptable");
+ DBG1(DBG_IKE, "peer requested EAP, config unacceptable");
this->peer_cfg->destroy(this->peer_cfg);
this->peer_cfg = NULL;
if (!update_cfg_candidates(this, FALSE))
@@ -642,6 +852,19 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
}
+ if (message->get_payload(message, PLV2_AUTH) &&
+ is_first_round(this, FALSE))
+ {
+ if (!get_ppk_r(this, message))
+ {
+ this->authentication_failed = TRUE;
+ return NEED_MORE;
+ }
+ else if (this->ppk.ptr && this->other_auth->use_ppk)
+ {
+ this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE);
+ }
+ }
switch (this->other_auth->process(this->other_auth, message))
{
case SUCCESS:
@@ -675,7 +898,7 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
- if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL)
+ if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
{
this->expect_another_auth = FALSE;
if (!update_cfg_candidates(this, TRUE))
@@ -687,6 +910,37 @@ METHOD(task_t, process_r, status_t,
return NEED_MORE;
}
+/**
+ * Clear the PPK and PPK_ID
+ */
+static void clear_ppk(private_ike_auth_t *this)
+{
+ DESTROY_IF(this->ppk_id);
+ this->ppk_id = NULL;
+ chunk_clear(&this->ppk);
+}
+
+/**
+ * Derive new keys and clear the PPK
+ */
+static bool apply_ppk(private_ike_auth_t *this)
+{
+ keymat_v2_t *keymat;
+
+ if (this->ppk.ptr)
+ {
+ keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa);
+ if (!keymat->derive_ike_keys_ppk(keymat, this->ppk))
+ {
+ return FALSE;
+ }
+ DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id);
+ this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE);
+ }
+ clear_ppk(this);
+ return TRUE;
+}
+
METHOD(task_t, build_r, status_t,
private_ike_auth_t *this, message_t *message)
{
@@ -703,12 +957,12 @@ METHOD(task_t, build_r, status_t,
return collect_my_init_data(this, message);
}
- if (this->authentication_failed || this->peer_cfg == NULL)
+ if (this->authentication_failed || !this->peer_cfg)
{
goto peer_auth_failed;
}
- if (this->my_auth == NULL && this->do_another_auth)
+ if (!this->my_auth && this->do_another_auth)
{
identification_t *id, *id_cfg;
id_payload_t *id_payload;
@@ -793,6 +1047,10 @@ METHOD(task_t, build_r, status_t,
}
if (this->my_auth)
{
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth, this->ppk, FALSE);
+ }
switch (this->my_auth->build(this->my_auth, message))
{
case SUCCESS:
@@ -807,6 +1065,16 @@ METHOD(task_t, build_r, status_t,
}
}
+ /* add a PPK_IDENTITY notify and derive new keys and clear the PPK */
+ if (this->ppk.ptr)
+ {
+ message->add_notify(message, FALSE, PPK_IDENTITY, chunk_empty);
+ if (!apply_ppk(this))
+ {
+ goto local_auth_failed;
+ }
+ }
+
/* check for additional authentication rounds */
if (do_another_auth(this))
{
@@ -942,7 +1210,7 @@ METHOD(task_t, process_i, status_t,
enumerator_t *enumerator;
payload_t *payload;
auth_cfg_t *cfg;
- bool mutual_eap = FALSE;
+ bool mutual_eap = FALSE, ppk_id_received = FALSE;
if (message->get_exchange_type(message) == IKE_SA_INIT)
{
@@ -998,6 +1266,9 @@ METHOD(task_t, process_i, status_t,
this->ike_sa->enable_extension(this->ike_sa,
EXT_IKE_MESSAGE_ID_SYNC);
break;
+ case PPK_IDENTITY:
+ ppk_id_received = TRUE;
+ break;
default:
{
if (type <= 16383)
@@ -1019,7 +1290,7 @@ METHOD(task_t, process_i, status_t,
if (this->expect_another_auth)
{
- if (this->other_auth == NULL)
+ if (!this->other_auth)
{
id_payload_t *id_payload;
identification_t *id;
@@ -1059,6 +1330,11 @@ METHOD(task_t, process_i, status_t,
}
if (this->other_auth)
{
+ if (ppk_id_received && is_first_round(this, FALSE) &&
+ this->other_auth->use_ppk)
+ {
+ this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE);
+ }
switch (this->other_auth->process(this->other_auth, message))
{
case SUCCESS:
@@ -1094,6 +1370,14 @@ METHOD(task_t, process_i, status_t,
if (this->my_auth)
{
+ /* while we already set the PPK in build_i(), we MUST not use it if
+ * the peer did not reply with a PPK_ID notify */
+ if (this->ppk.ptr && this->my_auth->use_ppk)
+ {
+ this->my_auth->use_ppk(this->my_auth,
+ ppk_id_received ? this->ppk : chunk_empty,
+ FALSE);
+ }
switch (this->my_auth->process(this->my_auth, message))
{
case SUCCESS:
@@ -1109,11 +1393,29 @@ METHOD(task_t, process_i, status_t,
case NEED_MORE:
break;
default:
- charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
- send_auth_failed_informational(this, message);
- return FAILED;
+ goto local_auth_failed;
+ }
+ }
+
+ /* change keys and clear PPK after we are done with our authentication, so
+ * we only explicitly use it for the first round, afterwards we just use the
+ * changed SK_p keys implicitly */
+ if (!this->my_auth && this->ppk_id)
+ {
+ if (ppk_id_received)
+ {
+ if (!apply_ppk(this))
+ {
+ goto local_auth_failed;
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, "peer didn't use PPK for PPK_ID '%Y'", this->ppk_id);
}
+ clear_ppk(this);
}
+
if (mutual_eap)
{
if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth))
@@ -1124,7 +1426,7 @@ METHOD(task_t, process_i, status_t,
DBG1(DBG_IKE, "allow mutual EAP-only authentication");
}
- if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL)
+ if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS))
{
this->expect_another_auth = FALSE;
}
@@ -1162,6 +1464,10 @@ peer_auth_failed:
charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED);
send_auth_failed_informational(this, message);
return FAILED;
+local_auth_failed:
+ charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED);
+ send_auth_failed_informational(this, message);
+ return FAILED;
}
METHOD(task_t, get_type, task_type_t,
@@ -1173,6 +1479,7 @@ METHOD(task_t, get_type, task_type_t,
METHOD(task_t, migrate, void,
private_ike_auth_t *this, ike_sa_t *ike_sa)
{
+ clear_ppk(this);
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
DESTROY_IF(this->my_packet);
@@ -1199,6 +1506,7 @@ METHOD(task_t, migrate, void,
METHOD(task_t, destroy, void,
private_ike_auth_t *this)
{
+ clear_ppk(this);
chunk_free(&this->my_nonce);
chunk_free(&this->other_nonce);
DESTROY_IF(this->my_packet);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
index f6862ca27..fd14e9faf 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h
@@ -45,7 +45,7 @@ struct ike_auth_lifetime_t {
* Create a new TASK_IKE_AUTH_LIFETIME task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_auth_lifetime task to handle by the task_manager
*/
ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c
index 3d73d728b..307d99264 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@@ -55,11 +55,6 @@ struct private_ike_init_t {
bool initiator;
/**
- * IKE config to establish
- */
- ike_cfg_t *config;
-
- /**
* diffie hellman group to use
*/
diffie_hellman_group_t dh_group;
@@ -275,6 +270,38 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this,
}
/**
+ * Check whether to send a USE_PPK notify
+ */
+static bool send_use_ppk(private_ike_init_t *this)
+{
+ peer_cfg_t *peer;
+ enumerator_t *keys;
+ shared_key_t *key;
+ bool use_ppk = FALSE;
+
+ if (this->initiator)
+ {
+ peer = this->ike_sa->get_peer_cfg(this->ike_sa);
+ if (peer->get_ppk_id(peer))
+ {
+ use_ppk = TRUE;
+ }
+ }
+ else if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK))
+ {
+ /* check if we have at least one PPK available */
+ keys = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PPK,
+ NULL, NULL);
+ if (keys->enumerate(keys, &key, NULL, NULL))
+ {
+ use_ppk = TRUE;
+ }
+ keys->destroy(keys);
+ }
+ return use_ppk;
+}
+
+/**
* build the payloads for the message
*/
static bool build_payloads(private_ike_init_t *this, message_t *message)
@@ -286,14 +313,15 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
ike_sa_id_t *id;
proposal_t *proposal;
enumerator_t *enumerator;
+ ike_cfg_t *ike_cfg;
id = this->ike_sa->get_id(this->ike_sa);
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
if (this->initiator)
{
- proposal_list = this->config->get_proposals(this->config);
+ proposal_list = ike_cfg->get_proposals(ike_cfg);
other_dh_groups = linked_list_create();
enumerator = proposal_list->create_enumerator(proposal_list);
while (enumerator->enumerate(enumerator, (void**)&proposal))
@@ -334,8 +362,6 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
}
message->add_payload(message, (payload_t*)sa_payload);
- nonce_payload = nonce_payload_create(PLV2_NONCE);
- nonce_payload->set_nonce(nonce_payload, this->my_nonce);
ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE,
this->dh);
if (!ke_payload)
@@ -343,6 +369,8 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
DBG1(DBG_IKE, "creating KE payload failed");
return FALSE;
}
+ nonce_payload = nonce_payload_create(PLV2_NONCE);
+ nonce_payload->set_nonce(nonce_payload, this->my_nonce);
if (this->old_sa)
{ /* payload order differs if we are rekeying */
@@ -357,7 +385,7 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
/* negotiate fragmentation if we are not rekeying */
if (!this->old_sa &&
- this->config->fragmentation(this->config) != FRAGMENTATION_NO)
+ ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO)
{
if (this->initiator ||
this->ike_sa->supports_extension(this->ike_sa,
@@ -400,10 +428,77 @@ static bool build_payloads(private_ike_init_t *this, message_t *message)
chunk_empty);
}
}
+ /* notify the peer if we want to use/support PPK */
+ if (!this->old_sa && send_use_ppk(this))
+ {
+ message->add_notify(message, FALSE, USE_PPK, chunk_empty);
+ }
return TRUE;
}
/**
+ * Process the SA payload and select a proposal
+ */
+static void process_sa_payload(private_ike_init_t *this, message_t *message,
+ sa_payload_t *sa_payload)
+{
+ ike_cfg_t *ike_cfg, *cfg, *alt_cfg = NULL;
+ enumerator_t *enumerator;
+ linked_list_t *proposal_list;
+ host_t *me, *other;
+ bool private, prefer_configured;
+
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
+ proposal_list = sa_payload->get_proposals(sa_payload);
+ private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN);
+ prefer_configured = lib->settings->get_bool(lib->settings,
+ "%s.prefer_configured_proposals", TRUE, lib->ns);
+
+ this->proposal = ike_cfg->select_proposal(ike_cfg, proposal_list, private,
+ prefer_configured);
+ if (!this->proposal)
+ {
+ if (!this->initiator && !this->old_sa)
+ {
+ me = message->get_destination(message);
+ other = message->get_source(message);
+ enumerator = charon->backends->create_ike_cfg_enumerator(
+ charon->backends, me, other, IKEV2);
+ while (enumerator->enumerate(enumerator, &cfg))
+ {
+ if (ike_cfg == cfg)
+ { /* already tried and failed */
+ continue;
+ }
+ DBG1(DBG_IKE, "no matching proposal found, trying alternative "
+ "config");
+ this->proposal = cfg->select_proposal(cfg, proposal_list,
+ private, prefer_configured);
+ if (this->proposal)
+ {
+ alt_cfg = cfg->get_ref(cfg);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ if (alt_cfg)
+ {
+ this->ike_sa->set_ike_cfg(this->ike_sa, alt_cfg);
+ alt_cfg->destroy(alt_cfg);
+ }
+ else
+ {
+ charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
+ proposal_list);
+ }
+ }
+ proposal_list->destroy_offset(proposal_list,
+ offsetof(proposal_t, destroy));
+}
+
+/**
* Read payloads from message
*/
static void process_payloads(private_ike_init_t *this, message_t *message)
@@ -419,24 +514,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
{
case PLV2_SECURITY_ASSOCIATION:
{
- sa_payload_t *sa_payload = (sa_payload_t*)payload;
- linked_list_t *proposal_list;
- bool private, prefer_configured;
-
- proposal_list = sa_payload->get_proposals(sa_payload);
- private = this->ike_sa->supports_extension(this->ike_sa,
- EXT_STRONGSWAN);
- prefer_configured = lib->settings->get_bool(lib->settings,
- "%s.prefer_configured_proposals", TRUE, lib->ns);
- this->proposal = this->config->select_proposal(this->config,
- proposal_list, private, prefer_configured);
- if (!this->proposal)
- {
- charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE,
- proposal_list);
- }
- proposal_list->destroy_offset(proposal_list,
- offsetof(proposal_t, destroy));
+ process_sa_payload(this, message, (sa_payload_t*)payload);
break;
}
case PLV2_KEY_EXCHANGE:
@@ -469,6 +547,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
handle_supported_hash_algorithms(this, notify);
}
break;
+ case USE_PPK:
+ if (!this->old_sa)
+ {
+ this->ike_sa->enable_extension(this->ike_sa,
+ EXT_PPK);
+ }
+ break;
case REDIRECTED_FROM:
{
identification_t *gateway;
@@ -533,7 +618,10 @@ static void process_payloads(private_ike_init_t *this, message_t *message)
METHOD(task_t, build_i, status_t,
private_ike_init_t *this, message_t *message)
{
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
+ ike_cfg_t *ike_cfg;
+
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+
DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H",
this->ike_sa->get_name(this->ike_sa),
this->ike_sa->get_unique_id(this->ike_sa),
@@ -563,12 +651,12 @@ METHOD(task_t, build_i, status_t,
}
else
{ /* this shouldn't happen, but let's be safe */
- this->dh_group = this->config->get_dh_group(this->config);
+ this->dh_group = ike_cfg->get_dh_group(ike_cfg);
}
}
else
{
- this->dh_group = this->config->get_dh_group(this->config);
+ this->dh_group = ike_cfg->get_dh_group(ike_cfg);
}
this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat,
this->dh_group);
@@ -627,7 +715,6 @@ METHOD(task_t, build_i, status_t,
METHOD(task_t, process_r, status_t,
private_ike_init_t *this, message_t *message)
{
- this->config = this->ike_sa->get_ike_cfg(this->ike_sa);
DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message));
this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING);
@@ -699,7 +786,7 @@ METHOD(task_t, build_r, status_t,
if (this->proposal == NULL ||
this->other_nonce.len == 0 || this->my_nonce.len == 0)
{
- DBG1(DBG_IKE, "received proposals inacceptable");
+ DBG1(DBG_IKE, "received proposals unacceptable");
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return FAILED;
}
@@ -728,7 +815,7 @@ METHOD(task_t, build_r, status_t,
if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP,
&group, NULL))
{
- DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N",
+ DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N",
diffie_hellman_group_names, this->dh_group,
diffie_hellman_group_names, group);
this->dh_group = group;
@@ -770,12 +857,14 @@ METHOD(task_t, build_r, status_t,
*/
static void raise_alerts(private_ike_init_t *this, notify_type_t type)
{
+ ike_cfg_t *ike_cfg;
linked_list_t *list;
switch (type)
{
case NO_PROPOSAL_CHOSEN:
- list = this->config->get_proposals(this->config);
+ ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa);
+ list = ike_cfg->get_proposals(ike_cfg);
charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, list);
list->destroy_offset(list, offsetof(proposal_t, destroy));
break;
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index fe41a1cac..b2ad0a02a 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -193,7 +193,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message)
case NAT_DETECTION_DESTINATION_IP:
{
/* NAT check in this MOBIKE exchange, create subtask for it */
- if (this->natd == NULL)
+ if (!this->natd)
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
@@ -648,7 +648,7 @@ METHOD(ike_mobike_t, roam, void,
METHOD(ike_mobike_t, dpd, void,
private_ike_mobike_t *this)
{
- if (!this->natd)
+ if (!this->natd && this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE))
{
this->natd = ike_natd_create(this->ike_sa, this->initiator);
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
index 288b87178..8789ac0af 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h
@@ -91,7 +91,7 @@ struct ike_mobike_t {
* Create a new ike_mobike task.
*
* @param ike_sa IKE_SA this task works for
- * @param initiator TRUE if taks is initiated by us
+ * @param initiator TRUE if task is initiated by us
* @return ike_mobike task to handle by the task_manager
*/
ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
index 11123b415..57f9a797e 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c
@@ -259,7 +259,7 @@ METHOD(task_t, build_r, status_t,
}
if (this->new_sa == NULL)
{
- /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */
+ /* IKE_SA/a CHILD_SA is in an unacceptable state, deny rekeying */
message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty);
return SUCCESS;
}
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
index 8d8969ea0..e81a18a14 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c
@@ -59,7 +59,7 @@ struct private_ike_vendor_t {
ike_sa_t *ike_sa;
/**
- * Are we the inititator of this task
+ * Are we the initiator of this task
*/
bool initiator;
};
diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c
index a83da0480..d66e70937 100644
--- a/src/libcharon/sa/shunt_manager.c
+++ b/src/libcharon/sa/shunt_manager.c
@@ -117,8 +117,10 @@ static bool install_shunt_policy(child_cfg_t *child)
host_any6 = host_create_any(AF_INET6);
hosts = linked_list_create_with_items(host_any, host_any6, NULL);
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts,
+ FALSE);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+ FALSE);
hosts->destroy(hosts);
manual_prio = child->get_manual_prio(child);
@@ -287,8 +289,10 @@ static void uninstall_shunt_policy(child_cfg_t *child)
host_any6 = host_create_any(AF_INET6);
hosts = linked_list_create_with_items(host_any, host_any6, NULL);
- my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts);
- other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts);
+ my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts,
+ FALSE);
+ other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts,
+ FALSE);
hosts->destroy(hosts);
manual_prio = child->get_manual_prio(child);
diff --git a/src/libcharon/sa/task.h b/src/libcharon/sa/task.h
index 1a0a1acfa..987ac489d 100644
--- a/src/libcharon/sa/task.h
+++ b/src/libcharon/sa/task.h
@@ -115,7 +115,7 @@ extern enum_name_t *task_type_names;
/**
* Interface for a task, an operation handled within exchanges.
*
- * A task is an elemantary operation. It may be handled by a single or by
+ * A task is an elementary operation. It may be handled by a single or by
* multiple exchanges. An exchange may even complete multiple tasks.
* A task has a build() and an process() operation. The build() operation
* creates payloads and adds it to the message. The process() operation
@@ -128,7 +128,7 @@ extern enum_name_t *task_type_names;
* that the task completed, even when the task completed unsuccessfully. The
* manager then removes the task from the list. A NEED_MORE is returned when
* the task needs further build()/process() calls to complete, the manager
- * leaves the taks in the queue. A returned FAILED indicates a critical failure.
+ * leaves the task in the queue. A returned FAILED indicates a critical failure.
* The manager closes the IKE_SA whenever a task returns FAILED.
*/
struct task_t {
@@ -180,7 +180,7 @@ struct task_t {
* Migrate a task to a new IKE_SA.
*
* After migrating a task, it goes back to a state where it can be
- * used again to initate an exchange. This is useful when a task
+ * used again to initiate an exchange. This is useful when a task
* has to get migrated to a new IKE_SA.
* A special usage is when a INVALID_KE_PAYLOAD is received. A call
* to reset resets the task, but uses another DH group for the next
diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c
index 979f9290a..148df3923 100644
--- a/src/libcharon/sa/trap_manager.c
+++ b/src/libcharon/sa/trap_manager.c
@@ -168,7 +168,7 @@ static bool dynamic_remote_ts(child_cfg_t *child)
traffic_selector_t *ts;
bool found = FALSE;
- other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL);
+ other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL, FALSE);
enumerator = other_ts->create_enumerator(other_ts);
while (enumerator->enumerate(enumerator, &ts))
{
@@ -296,11 +296,11 @@ METHOD(trap_manager_t, install, bool,
child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0);
list = linked_list_create_with_items(me, NULL);
- my_ts = child->get_traffic_selectors(child, TRUE, NULL, list);
+ my_ts = child->get_traffic_selectors(child, TRUE, NULL, list, FALSE);
list->destroy_offset(list, offsetof(host_t, destroy));
list = linked_list_create_with_items(other, NULL);
- other_ts = child->get_traffic_selectors(child, FALSE, NULL, list);
+ other_ts = child->get_traffic_selectors(child, FALSE, NULL, list, FALSE);
list->destroy_offset(list, offsetof(host_t, destroy));
/* We don't know the finally negotiated protocol (ESP|AH), we install
diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am
index 5ebd0456c..101b534f0 100644
--- a/src/libcharon/tests/Makefile.am
+++ b/src/libcharon/tests/Makefile.am
@@ -4,6 +4,7 @@ check_PROGRAMS = $(TESTS)
libcharon_tests_SOURCES = \
suites/test_ike_cfg.c \
+ suites/test_peer_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
libcharon_tests.h libcharon_tests.c
@@ -35,6 +36,7 @@ exchange_tests_SOURCES = \
utils/job_asserts.h \
utils/mock_dh.h utils/mock_dh.c \
utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_net.h utils/mock_net.c \
utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
utils/mock_sender.h utils/mock_sender.c \
utils/sa_asserts.h \
diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in
index 24552d201..c545c6334 100644
--- a/src/libcharon/tests/Makefile.in
+++ b/src/libcharon/tests/Makefile.in
@@ -121,6 +121,7 @@ am_exchange_tests_OBJECTS = \
utils/exchange_tests-exchange_test_helper.$(OBJEXT) \
utils/exchange_tests-mock_dh.$(OBJEXT) \
utils/exchange_tests-mock_ipsec.$(OBJEXT) \
+ utils/exchange_tests-mock_net.$(OBJEXT) \
utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \
utils/exchange_tests-mock_sender.$(OBJEXT) \
exchange_tests-exchange_tests.$(OBJEXT)
@@ -139,6 +140,7 @@ exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(LDFLAGS) -o $@
am_libcharon_tests_OBJECTS = \
suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \
+ suites/libcharon_tests-test_peer_cfg.$(OBJEXT) \
suites/libcharon_tests-test_mem_pool.$(OBJEXT) \
suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \
libcharon_tests-libcharon_tests.$(OBJEXT)
@@ -334,7 +336,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -360,6 +361,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -380,8 +383,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -436,8 +437,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -466,8 +465,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -475,6 +478,7 @@ xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
libcharon_tests_SOURCES = \
suites/test_ike_cfg.c \
+ suites/test_peer_cfg.c \
suites/test_mem_pool.c \
suites/test_message_chapoly.c \
libcharon_tests.h libcharon_tests.c
@@ -505,6 +509,7 @@ exchange_tests_SOURCES = \
utils/job_asserts.h \
utils/mock_dh.h utils/mock_dh.c \
utils/mock_ipsec.h utils/mock_ipsec.c \
+ utils/mock_net.h utils/mock_net.c \
utils/mock_nonce_gen.h utils/mock_nonce_gen.c \
utils/mock_sender.h utils/mock_sender.c \
utils/sa_asserts.h \
@@ -598,6 +603,8 @@ utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
+utils/exchange_tests-mock_net.$(OBJEXT): utils/$(am__dirstamp) \
+ utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \
utils/$(DEPDIR)/$(am__dirstamp)
utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \
@@ -608,6 +615,8 @@ exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES
$(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS)
suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \
suites/$(DEPDIR)/$(am__dirstamp)
+suites/libcharon_tests-test_peer_cfg.$(OBJEXT): \
+ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_mem_pool.$(OBJEXT): \
suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp)
suites/libcharon_tests-test_message_chapoly.$(OBJEXT): \
@@ -636,10 +645,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_net.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_sender.Po@am__quote@
@@ -807,6 +818,20 @@ utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi`
+utils/exchange_tests-mock_net.o: utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c
+
+utils/exchange_tests-mock_net.obj: utils/mock_net.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi`
+
utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po
@@ -863,6 +888,20 @@ suites/libcharon_tests-test_ike_cfg.obj: suites/test_ike_cfg.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_ike_cfg.obj `if test -f 'suites/test_ike_cfg.c'; then $(CYGPATH_W) 'suites/test_ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_cfg.c'; fi`
+suites/libcharon_tests-test_peer_cfg.o: suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c
+
+suites/libcharon_tests-test_peer_cfg.obj: suites/test_peer_cfg.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi`
+
suites/libcharon_tests-test_mem_pool.o: suites/test_mem_pool.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_mem_pool.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo -c -o suites/libcharon_tests-test_mem_pool.o `test -f 'suites/test_mem_pool.c' || echo '$(srcdir)/'`suites/test_mem_pool.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po
diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h
index d17ea041d..bc0521a75 100644
--- a/src/libcharon/tests/libcharon_tests.h
+++ b/src/libcharon/tests/libcharon_tests.h
@@ -25,5 +25,6 @@
*/
TEST_SUITE(ike_cfg_suite_create)
+TEST_SUITE(peer_cfg_suite_create)
TEST_SUITE(mem_pool_suite_create)
TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32)
diff --git a/src/libcharon/tests/suites/test_peer_cfg.c b/src/libcharon/tests/suites/test_peer_cfg.c
new file mode 100644
index 000000000..02e38a314
--- /dev/null
+++ b/src/libcharon/tests/suites/test_peer_cfg.c
@@ -0,0 +1,229 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_suite.h"
+
+#include <config/peer_cfg.h>
+#include <config/child_cfg.h>
+
+/**
+ * Create a simple IKE config
+ */
+static ike_cfg_t *create_ike_cfg()
+{
+ return ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", 500,
+ "127.0.0.1", 500, FRAGMENTATION_NO, 0);
+}
+
+/**
+ * Create a simple peer config
+ */
+static peer_cfg_t *create_peer_cfg()
+{
+ peer_cfg_create_t peer = {};
+
+ return peer_cfg_create("peer", create_ike_cfg(), &peer);
+}
+
+static peer_cfg_t *peer_a, *peer_b;
+
+START_SETUP(setup_replace)
+{
+ peer_a = create_peer_cfg();
+ peer_b = create_peer_cfg();
+}
+END_SETUP
+
+START_TEARDOWN(teardown_replace)
+{
+ peer_a->destroy(peer_a);
+ peer_b->destroy(peer_b);
+}
+END_TEARDOWN
+
+/**
+ * Check if the changes are correctly reported
+ * All given objects are destroyed
+ */
+static void test_replace(enumerator_t *changes, linked_list_t *rem,
+ linked_list_t *add)
+{
+ child_cfg_t *child;
+ bool added;
+
+ while (changes->enumerate(changes, &child, &added))
+ {
+ if (added)
+ {
+ ck_assert_msg(add->remove(add, child, NULL) == 1, "child config "
+ "was unexpectedly added");
+ }
+ else
+ {
+ ck_assert_msg(rem->remove(rem, child, NULL) == 1, "child config "
+ "was unexpectedly removed");
+ }
+ }
+ changes->destroy(changes);
+ ck_assert_msg(!rem->get_count(rem), "expected child config was not removed");
+ ck_assert_msg(!add->get_count(add), "expected child config was not added");
+ rem->destroy(rem);
+ add->destroy(add);
+}
+
+/**
+ * Check if the given child configs are contained in the peer config
+ * The list is destroyed
+ */
+static void test_child_cfgs(peer_cfg_t *peer, linked_list_t *children)
+{
+ enumerator_t *enumerator;
+ child_cfg_t *child;
+
+ enumerator = peer->create_child_cfg_enumerator(peer);
+ while (enumerator->enumerate(enumerator, &child))
+ {
+ ck_assert_msg(children->remove(children, child, NULL) == 1, "child "
+ "config was unexpectedly contained in peer config");
+ }
+ enumerator->destroy(enumerator);
+ ck_assert_msg(!children->get_count(children), "expected child config was "
+ "not contained in peer config");
+ children->destroy(children);
+}
+
+START_TEST(replace_child_cfgs_empty)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_b->add_child_cfg(peer_b, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create_with_items(child, NULL));
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(child, NULL));
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_same)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_a->add_child_cfg(peer_a, child->get_ref(child));
+ peer_b->add_child_cfg(peer_b, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(child, NULL));
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_same_replace)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *c1, *c2;
+
+ c1 = child_cfg_create("c1", &cfg);
+ peer_a->add_child_cfg(peer_a, c1->get_ref(c1));
+ c2 = child_cfg_create("c2", &cfg);
+ peer_b->add_child_cfg(peer_b, c2->get_ref(c2));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create(),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(c2, NULL));
+
+ c1->destroy(c1);
+ c2->destroy(c2);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_clear)
+{
+ child_cfg_create_t cfg = {};
+ child_cfg_t *child;
+
+ child = child_cfg_create("c", &cfg);
+ peer_a->add_child_cfg(peer_a, child->get_ref(child));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create_with_items(child, NULL),
+ linked_list_create());
+ test_child_cfgs(peer_a,
+ linked_list_create());
+
+ child->destroy(child);
+}
+END_TEST
+
+START_TEST(replace_child_cfgs_mixed)
+{
+ child_cfg_create_t cfg1 = {}, cfg2 = { .mode = MODE_TUNNEL, };
+ child_cfg_create_t cfg3 = { .mode = MODE_TRANSPORT};
+ child_cfg_t *c1, *c2, *c3, *c4;
+
+ c1 = child_cfg_create("c1", &cfg1);
+ peer_a->add_child_cfg(peer_a, c1->get_ref(c1));
+ c2 = child_cfg_create("c2", &cfg2);
+ peer_a->add_child_cfg(peer_a, c2->get_ref(c2));
+
+ c3 = child_cfg_create("c3", &cfg3);
+ peer_b->add_child_cfg(peer_b, c3->get_ref(c3));
+ c4 = child_cfg_create("c4", &cfg2);
+ peer_b->add_child_cfg(peer_b, c4->get_ref(c4));
+
+ test_replace(peer_a->replace_child_cfgs(peer_a, peer_b),
+ linked_list_create_with_items(c1, NULL),
+ linked_list_create_with_items(c3, NULL));
+ test_child_cfgs(peer_a,
+ linked_list_create_with_items(c3, c4, NULL));
+
+ c1->destroy(c1);
+ c2->destroy(c2);
+ c3->destroy(c3);
+ c4->destroy(c4);
+}
+END_TEST
+
+Suite *peer_cfg_suite_create()
+{
+ Suite *s;
+ TCase *tc;
+
+ s = suite_create("peer_cfg");
+
+ tc = tcase_create("replace_child_cfgs");
+ tcase_add_checked_fixture(tc, setup_replace, teardown_replace);
+ tcase_add_test(tc, replace_child_cfgs_empty);
+ tcase_add_test(tc, replace_child_cfgs_same);
+ tcase_add_test(tc, replace_child_cfgs_same_replace);
+ tcase_add_test(tc, replace_child_cfgs_clear);
+ tcase_add_test(tc, replace_child_cfgs_mixed);
+ suite_add_tcase(s, tc);
+
+ return s;
+}
diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c
index fce0ccedf..bebf33463 100644
--- a/src/libcharon/tests/utils/exchange_test_helper.c
+++ b/src/libcharon/tests/utils/exchange_test_helper.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,6 +16,7 @@
#include "exchange_test_helper.h"
#include "mock_dh.h"
#include "mock_ipsec.h"
+#include "mock_net.h"
#include "mock_nonce_gen.h"
#include <collections/array.h>
@@ -333,6 +334,7 @@ void exchange_test_helper_init(char *plugins)
/* and there is no kernel plugin loaded
* TODO: we'd have more control if we'd implement kernel_interface_t */
charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create);
+ charon->kernel->add_net_interface(charon->kernel, mock_net_create);
/* like SPIs for IPsec SAs, make IKE SPIs predictable */
charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi,
this);
diff --git a/src/libcharon/tests/utils/mock_net.c b/src/libcharon/tests/utils/mock_net.c
new file mode 100644
index 000000000..5b560871e
--- /dev/null
+++ b/src/libcharon/tests/utils/mock_net.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mock_net.h"
+
+#include <daemon.h>
+
+#include <assert.h>
+
+typedef struct private_kernel_net_t private_kernel_net_t;
+
+/**
+ * Private data
+ */
+struct private_kernel_net_t {
+
+ /**
+ * Public interface
+ */
+ kernel_net_t public;
+
+ /**
+ * Local IP address
+ */
+ host_t *host;
+};
+
+/**
+ * Global instance
+ */
+static private_kernel_net_t *instance;
+
+METHOD(kernel_net_t, get_source_addr, host_t*,
+ private_kernel_net_t *this, host_t *dest, host_t *src)
+{
+ return this->host->clone(this->host);
+}
+
+METHOD(kernel_net_t, get_nexthop, host_t*,
+ private_kernel_net_t *this, host_t *dest, int prefix, host_t *src,
+ char **iface)
+{
+ if (iface)
+ {
+ *iface = strdup("lo");
+ }
+ return this->host->clone(this->host);
+}
+
+METHOD(kernel_net_t, get_interface, bool,
+ private_kernel_net_t *this, host_t *host, char **name)
+{
+ if (host->ip_equals(host, this->host))
+ {
+ if (name)
+ {
+ *name = strdup("lo");
+ }
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(kernel_net_t, create_address_enumerator, enumerator_t*,
+ private_kernel_net_t *this, kernel_address_type_t which)
+{
+ return enumerator_create_single(this->host, NULL);
+}
+
+METHOD(kernel_net_t, destroy, void,
+ private_kernel_net_t *this)
+{
+ this->host->destroy(this->host);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+kernel_net_t *mock_net_create()
+{
+ private_kernel_net_t *this;
+
+ INIT(this,
+ .public = {
+ .get_source_addr = _get_source_addr,
+ .get_nexthop = _get_nexthop,
+ .get_interface = _get_interface,
+ .create_address_enumerator = _create_address_enumerator,
+ .create_local_subnet_enumerator = (void*)enumerator_create_empty,
+ .add_ip = (void*)return_failed,
+ .del_ip = (void*)return_failed,
+ .add_route = (void*)return_failed,
+ .del_route = (void*)return_failed,
+ .destroy = _destroy,
+ },
+ .host = host_create_from_string("127.0.0.1", 500),
+ );
+
+ instance = this;
+
+ return &this->public;
+}
diff --git a/src/libimcv/plugins/imv_swid/imv_swid.c b/src/libcharon/tests/utils/mock_net.h
index cab011580..15ad1ac0c 100644
--- a/src/libimcv/plugins/imv_swid/imv_swid.c
+++ b/src/libcharon/tests/utils/mock_net.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Andreas Steffen
+ * Copyright (C) 2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -13,12 +13,24 @@
* for more details.
*/
-#include "imv_swid_agent.h"
+/**
+ * kernel_net_t implementation used for exchange unit tests. Simply returns
+ * an IP address so it seems we're connected.
+ *
+ * @defgroup mock_net mock_net
+ * @{ @ingroup test_utils_c
+ */
-static const char imv_name[] = "SWID";
-static const imv_agent_create_t imv_agent_create = imv_swid_agent_create;
+#ifndef MOCK_NET_H_
+#define MOCK_NET_H_
-/* include generic TGC TNC IF-IMV API code below */
+#include <kernel/kernel_net.h>
-#include <imv/imv_if.h>
+/**
+ * Create an instance of kernel_net_t
+ *
+ * @return created object
+ */
+kernel_net_t *mock_net_create();
+#endif /** MOCK_NET_H_ @}*/
diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in
index 604899b5a..397ae9b3a 100644
--- a/src/libfast/Makefile.in
+++ b/src/libfast/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c
index 70ff40466..d5ce77193 100644
--- a/src/libfast/fast_dispatcher.c
+++ b/src/libfast/fast_dispatcher.c
@@ -30,7 +30,7 @@
#include <collections/linked_list.h>
#include <collections/hashtable.h>
-/** Intervall to check for expired sessions, in seconds */
+/** Interval to check for expired sessions, in seconds */
#define CLEANUP_INTERVAL 30
typedef struct private_fast_dispatcher_t private_fast_dispatcher_t;
diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h
index ffa49d9db..3deb0b7dd 100644
--- a/src/libfast/fast_dispatcher.h
+++ b/src/libfast/fast_dispatcher.h
@@ -83,7 +83,7 @@ struct fast_dispatcher_t {
* The first controller added serves as default controller. Client's
* get redirected to it if no other controller matches.
*
- * @param constructor constructor function to the conntroller
+ * @param constructor constructor function to the controller
* @param param param to pass to constructor
*/
void (*add_controller)(fast_dispatcher_t *this,
diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk
index 9f3172074..cde6ce23f 100644
--- a/src/libimcv/Android.mk
+++ b/src/libimcv/Android.mk
@@ -75,10 +75,6 @@ libimcv_la_SOURCES := \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -108,10 +104,7 @@ libimcv_la_SOURCES := \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES))
diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am
index a6397c5ff..444de3f42 100644
--- a/src/libimcv/Makefile.am
+++ b/src/libimcv/Makefile.am
@@ -96,10 +96,6 @@ libimcv_la_SOURCES = \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -129,10 +125,7 @@ libimcv_la_SOURCES = \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -183,14 +176,6 @@ if USE_IMV_ATTESTATION
SUBDIRS += plugins/imv_attestation
endif
-if USE_IMC_SWID
- SUBDIRS += plugins/imc_swid
-endif
-
-if USE_IMV_SWID
- SUBDIRS += plugins/imv_swid
-endif
-
if USE_IMC_SWIMA
SUBDIRS += plugins/imc_swima
endif
diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in
index ef2c9c35b..105442d20 100644
--- a/src/libimcv/Makefile.in
+++ b/src/libimcv/Makefile.in
@@ -101,12 +101,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT)
@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os
@USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation
@USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation
-@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid
-@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid
-@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima
-@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima
-@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd
-@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd
+@USE_IMC_SWIMA_TRUE@am__append_10 = plugins/imc_swima
+@USE_IMV_SWIMA_TRUE@am__append_11 = plugins/imv_swima
+@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd
+@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd
TESTS = imcv_tests$(EXEEXT)
check_PROGRAMS = $(am__EXEEXT_1)
subdir = src/libimcv
@@ -202,12 +200,11 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \
pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \
seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \
- swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \
- swid/swid_tag_id.lo swid_gen/swid_gen.lo \
- swid_gen/swid_gen_info.lo swima/swima_data_model.lo \
- swima/swima_record.lo swima/swima_event.lo \
- swima/swima_events.lo swima/swima_inventory.lo \
- swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \
+ swid_gen/swid_gen.lo swid_gen/swid_gen_info.lo \
+ swima/swima_data_model.lo swima/swima_record.lo \
+ swima/swima_event.lo swima/swima_events.lo \
+ swima/swima_inventory.lo swima/swima_collector.lo \
+ swima/swima_error.lo tcg/tcg_attr.lo \
tcg/pts/tcg_pts_attr_proto_caps.lo \
tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \
tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \
@@ -226,9 +223,7 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \
tcg/pts/tcg_pts_attr_unix_file_meta.lo \
tcg/seg/tcg_seg_attr_max_size.lo \
tcg/seg/tcg_seg_attr_seg_env.lo \
- tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \
- tcg/swid/tcg_swid_attr_tag_id_inv.lo \
- tcg/swid/tcg_swid_attr_tag_inv.lo
+ tcg/seg/tcg_seg_attr_next_seg.lo
libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -378,8 +373,8 @@ am__tty_colors = { \
DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \
plugins/imv_scanner plugins/imc_os plugins/imv_os \
plugins/imc_attestation plugins/imv_attestation \
- plugins/imc_swid plugins/imv_swid plugins/imc_swima \
- plugins/imv_swima plugins/imc_hcd plugins/imv_hcd
+ plugins/imc_swima plugins/imv_swima plugins/imc_hcd \
+ plugins/imv_hcd
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
@@ -506,7 +501,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -532,6 +526,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -552,8 +548,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -608,8 +602,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -638,8 +630,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -737,10 +733,6 @@ libimcv_la_SOURCES = \
seg/seg_contract.h seg/seg_contract.c \
seg/seg_contract_manager.h seg/seg_contract_manager.c \
seg/seg_env.h seg/seg_env.c \
- swid/swid_error.h swid/swid_error.c \
- swid/swid_inventory.h swid/swid_inventory.c \
- swid/swid_tag.h swid/swid_tag.c \
- swid/swid_tag_id.h swid/swid_tag_id.c \
swid_gen/swid_gen.h swid_gen/swid_gen.c \
swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \
swima/swima_data_model.h swima/swima_data_model.c \
@@ -770,10 +762,7 @@ libimcv_la_SOURCES = \
tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \
tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \
tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \
- tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \
- tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \
- tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \
- tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c
+ tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c
ipsec_SCRIPTS = imv/_imv_policy
EXTRA_DIST = imv/_imv_policy Android.mk
@@ -791,8 +780,7 @@ imv_policy_manager_LDADD = \
SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \
$(am__append_5) $(am__append_6) $(am__append_7) \
$(am__append_8) $(am__append_9) $(am__append_10) \
- $(am__append_11) $(am__append_12) $(am__append_13) \
- $(am__append_14) $(am__append_15)
+ $(am__append_11) $(am__append_12) $(am__append_13)
imcv_tests_SOURCES = \
ita/ita_attr_command.c \
pa_tnc/pa_tnc_attr_manager.c \
@@ -1102,19 +1090,6 @@ seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
seg/seg_contract_manager.lo: seg/$(am__dirstamp) \
seg/$(DEPDIR)/$(am__dirstamp)
seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp)
-swid/$(am__dirstamp):
- @$(MKDIR_P) swid
- @: > swid/$(am__dirstamp)
-swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) swid/$(DEPDIR)
- @: > swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_error.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_inventory.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp)
-swid/swid_tag_id.lo: swid/$(am__dirstamp) \
- swid/$(DEPDIR)/$(am__dirstamp)
swid_gen/$(am__dirstamp):
@$(MKDIR_P) swid_gen
@: > swid_gen/$(am__dirstamp)
@@ -1204,18 +1179,6 @@ tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \
tcg/seg/$(DEPDIR)/$(am__dirstamp)
tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \
tcg/seg/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid
- @: > tcg/swid/$(am__dirstamp)
-tcg/swid/$(DEPDIR)/$(am__dirstamp):
- @$(MKDIR_P) tcg/swid/$(DEPDIR)
- @: > tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
-tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \
- tcg/swid/$(DEPDIR)/$(am__dirstamp)
libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES)
$(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS)
@@ -1405,8 +1368,6 @@ mostlyclean-compile:
-rm -f seg/*.$(OBJEXT)
-rm -f seg/*.lo
-rm -f suites/*.$(OBJEXT)
- -rm -f swid/*.$(OBJEXT)
- -rm -f swid/*.lo
-rm -f swid_gen/*.$(OBJEXT)
-rm -f swid_gen/*.lo
-rm -f swima/*.$(OBJEXT)
@@ -1417,8 +1378,6 @@ mostlyclean-compile:
-rm -f tcg/pts/*.lo
-rm -f tcg/seg/*.$(OBJEXT)
-rm -f tcg/seg/*.lo
- -rm -f tcg/swid/*.$(OBJEXT)
- -rm -f tcg/swid/*.lo
distclean-compile:
-rm -f *.tab.c
@@ -1505,10 +1464,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@
@@ -1547,9 +1502,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -1889,13 +1841,11 @@ clean-libtool:
-rm -rf pwg/.libs pwg/_libs
-rm -rf rest/.libs rest/_libs
-rm -rf seg/.libs seg/_libs
- -rm -rf swid/.libs swid/_libs
-rm -rf swid_gen/.libs swid_gen/_libs
-rm -rf swima/.libs swima/_libs
-rm -rf tcg/.libs tcg/_libs
-rm -rf tcg/pts/.libs tcg/pts/_libs
-rm -rf tcg/seg/.libs tcg/seg/_libs
- -rm -rf tcg/swid/.libs tcg/swid/_libs
install-dist_templatesDATA: $(dist_templates_DATA)
@$(NORMAL_INSTALL)
@list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \
@@ -2233,8 +2183,6 @@ distclean-generic:
-rm -f seg/$(am__dirstamp)
-rm -f suites/$(DEPDIR)/$(am__dirstamp)
-rm -f suites/$(am__dirstamp)
- -rm -f swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f swid/$(am__dirstamp)
-rm -f swid_gen/$(DEPDIR)/$(am__dirstamp)
-rm -f swid_gen/$(am__dirstamp)
-rm -f swima/$(DEPDIR)/$(am__dirstamp)
@@ -2245,8 +2193,6 @@ distclean-generic:
-rm -f tcg/pts/$(am__dirstamp)
-rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp)
-rm -f tcg/seg/$(am__dirstamp)
- -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp)
- -rm -f tcg/swid/$(am__dirstamp)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -2257,7 +2203,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \
clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -2304,7 +2250,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR)
+ -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
index 44e0ef24f..b1bcd9214 100644
--- a/src/libimcv/ietf/ietf_attr.c
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -30,9 +30,7 @@
#include "ietf/swima/ietf_swima_attr_sw_ev.h"
#include "generic/generic_attr_bool.h"
-
-ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING,
- IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
+ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_SRC_METADATA_RESP,
"Testing",
"Attribute Request",
"Product Information",
@@ -46,10 +44,6 @@ ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING,
"Remediation Instructions",
"Forwarding Enabled",
"Factory Default Password Enabled",
-);
-ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST,
- IETF_ATTR_SRC_METADATA_RESP,
- IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
"SWIMA Request",
"SW Identifier Inventory",
"SW Identifier Events",
@@ -60,7 +54,6 @@ ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST,
"SW Source Metadata Request",
"SW Source Metadata Response",
);
-ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP);
/**
* See header
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
index cbf4a49a2..0f802fd45 100644
--- a/src/libimcv/ietf/ietf_attr.h
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -32,7 +32,7 @@ typedef enum ietf_attr_t ietf_attr_t;
*/
enum ietf_attr_t {
- /* RFC 5792 */
+ /* RFC 5792 PA-TNC */
IETF_ATTR_TESTING = 0,
IETF_ATTR_ATTRIBUTE_REQUEST = 1,
IETF_ATTR_PRODUCT_INFORMATION = 2,
@@ -47,16 +47,16 @@ enum ietf_attr_t {
IETF_ATTR_FORWARDING_ENABLED = 11,
IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12,
- /* draft-ietf-sacm-nea-swid-patnc */
- IETF_ATTR_SWIMA_REQUEST = 17,
- IETF_ATTR_SW_ID_INVENTORY = 18,
- IETF_ATTR_SW_ID_EVENTS = 19,
- IETF_ATTR_SW_INVENTORY = 20,
- IETF_ATTR_SW_EVENTS = 21,
- IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22,
- IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23,
- IETF_ATTR_SRC_METADATA_REQ = 24,
- IETF_ATTR_SRC_METADATA_RESP = 25,
+ /* RFC 8412 SWIMA */
+ IETF_ATTR_SWIMA_REQUEST = 13,
+ IETF_ATTR_SW_ID_INVENTORY = 14,
+ IETF_ATTR_SW_ID_EVENTS = 15,
+ IETF_ATTR_SW_INVENTORY = 16,
+ IETF_ATTR_SW_EVENTS = 17,
+ IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 18,
+ IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 19,
+ IETF_ATTR_SRC_METADATA_REQ = 20,
+ IETF_ATTR_SRC_METADATA_RESP = 21,
IETF_ATTR_RESERVED = 0xffffffff,
};
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
index 75f279298..e543c63ea 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -20,23 +20,18 @@
#include <bio/bio_reader.h>
#include <utils/debug.h>
-ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE,
"Reserved",
"Invalid Parameter",
"Version Not Supported",
- "Attribute Type Not Supported"
-);
-ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SWIMA,
- PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE,
- PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ "Attribute Type Not Supported",
"SWIMA Error",
"SWIMA Subscription Denied",
"SWIMA Response Too Large",
"SWIMA Subscription Fulfillment Error",
"SWIMA Subscription ID Reuse"
);
-ENUM_END(pa_tnc_error_code_names, PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE);
typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
index dd0be72ff..d5cba97b6 100644
--- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2017 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -28,7 +28,7 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t;
#include "pa_tnc/pa_tnc_attr.h"
/**
- * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792
+ * IETF Standard PA-TNC Error Codes
*/
enum pa_tnc_error_code_t {
@@ -39,12 +39,12 @@ enum pa_tnc_error_code_t {
PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
PA_ERROR_PA_TNC_MSG_ROOF = 3,
- /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */
- PA_ERROR_SWIMA = 32,
- PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 33,
- PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 34,
- PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 35,
- PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 36
+ /* RFC 8412 SWIMA */
+ PA_ERROR_SWIMA = 4,
+ PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 5,
+ PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 6,
+ PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 7,
+ PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 8
};
/**
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
index d67497373..12212ec18 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_req.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t;
/**
* SW Request
- * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see section 5.7 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -191,7 +191,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
return FAILED;
}
*offset += 2 + sw_id.len;
-
+
sw_record = swima_record_create(0, sw_id, chunk_empty);
this->targets->add(this->targets, sw_record);
}
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
index e315c3dbb..47f499518 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c
@@ -27,7 +27,7 @@ typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t;
/**
* Software [Identifier] Events
- * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see sections 5.9/5.11 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -165,16 +165,40 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
this->noskip_flag = noskip;
}
+/**
+ * This function is shared with ietf_swima_attr_sw_inv.c
+ **/
+void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer,
+ uint8_t action, swima_record_t *sw_record, bool has_record)
+{
+ pen_type_t data_model;
+ chunk_t sw_locator;
+
+ data_model = sw_record->get_data_model(sw_record);
+
+ writer->write_uint32(writer, sw_record->get_record_id(sw_record));
+ writer->write_uint24(writer, data_model.vendor_id);
+ writer->write_uint8 (writer, data_model.type);
+ writer->write_uint8 (writer, sw_record->get_source_id(sw_record));
+ writer->write_uint8 (writer, action);
+ writer->write_data16(writer, sw_record->get_sw_id(sw_record, &sw_locator));
+ writer->write_data16(writer, sw_locator);
+
+ if (has_record)
+ {
+ writer->write_data32(writer, sw_record->get_record(sw_record));
+ }
+}
+
METHOD(pa_tnc_attr_t, build, void,
private_ietf_swima_attr_sw_ev_t *this)
{
bio_writer_t *writer;
swima_event_t *sw_event;
swima_record_t *sw_record;
- chunk_t timestamp, sw_id, sw_locator, record;
- pen_type_t data_model;
- uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch;
- uint8_t action, source_id;
+ chunk_t timestamp;
+ uint32_t last_eid, last_consulted_eid, eid_epoch;
+ uint8_t action;
enumerator_t *enumerator;
if (this->value.ptr)
@@ -195,29 +219,14 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator = this->events->create_enumerator(this->events);
while (enumerator->enumerate(enumerator, &sw_event))
{
- eid = sw_event->get_eid(sw_event, &timestamp);
action = sw_event->get_action(sw_event);
sw_record = sw_event->get_sw_record(sw_event);
- record_id = sw_record->get_record_id(sw_record);
- data_model = sw_record->get_data_model(sw_record);
- source_id = sw_record->get_source_id(sw_record);
- sw_id = sw_record->get_sw_id(sw_record, &sw_locator);
- writer->write_uint32(writer, eid);
+ writer->write_uint32(writer, sw_event->get_eid(sw_event, &timestamp));
writer->write_data (writer, timestamp);
- writer->write_uint32(writer, record_id);
- writer->write_uint24(writer, data_model.vendor_id);
- writer->write_uint8 (writer, data_model.type);
- writer->write_uint8 (writer, source_id);
- writer->write_uint8 (writer, action);
- writer->write_data16(writer, sw_id);
- writer->write_data16(writer, sw_locator);
-
- if (this->type.type == IETF_ATTR_SW_EVENTS)
- {
- record = sw_record->get_record(sw_record);
- writer->write_data32(writer, record);
- }
+
+ ietf_swima_attr_sw_ev_build_sw_record(writer, action, sw_record,
+ this->type.type == IETF_ATTR_SW_EVENTS);
}
enumerator->destroy(enumerator);
@@ -227,15 +236,56 @@ METHOD(pa_tnc_attr_t, build, void,
writer->destroy(writer);
}
+/**
+ * This function is shared with ietf_swima_attr_sw_inv.c
+ **/
+bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader,
+ uint8_t *action, swima_record_t **sw_record, bool has_record)
+{
+ pen_type_t data_model;
+ swima_record_t *sw_rec;
+ uint32_t data_model_pen, record_id;
+ uint8_t data_model_type, source_id, reserved;
+ chunk_t sw_id, sw_locator, record = chunk_empty;
+
+ if (!reader->read_uint32(reader, &record_id) ||
+ !reader->read_uint24(reader, &data_model_pen) ||
+ !reader->read_uint8 (reader, &data_model_type) ||
+ !reader->read_uint8 (reader, &source_id) ||
+ !reader->read_uint8 (reader, &reserved) ||
+ !reader->read_data16(reader, &sw_id) ||
+ !reader->read_data16(reader, &sw_locator))
+ {
+ return FALSE;
+ }
+
+ if (action)
+ {
+ *action = reserved;
+ }
+
+ if (has_record && !reader->read_data32(reader, &record))
+ {
+ return FALSE;
+ }
+
+ data_model = pen_type_create(data_model_pen, data_model_type);
+ sw_rec = swima_record_create(record_id, sw_id, sw_locator);
+ sw_rec->set_data_model(sw_rec, data_model);
+ sw_rec->set_source_id(sw_rec, source_id);
+ sw_rec->set_record(sw_rec, record);
+ *sw_record = sw_rec;
+
+ return TRUE;
+}
+
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t data_model_pen, record_id;
uint32_t eid, eid_epoch, last_eid, last_consulted_eid;
- uint8_t data_model_type, source_id, action;
- pen_type_t data_model;
- chunk_t sw_id, sw_locator, record, timestamp;
+ uint8_t action;
+ chunk_t timestamp;
swima_event_t *sw_event;
swima_record_t *sw_record;
status_t status = NEED_MORE;
@@ -273,38 +323,24 @@ METHOD(pa_tnc_attr_t, process, status_t,
{
if (!reader->read_uint32(reader, &eid) ||
!reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, &timestamp) ||
- !reader->read_uint32(reader, &record_id) ||
- !reader->read_uint24(reader, &data_model_pen) ||
- !reader->read_uint8 (reader, &data_model_type) ||
- !reader->read_uint8 (reader, &source_id) ||
- !reader->read_uint8 (reader, &action) ||
- !reader->read_data16(reader, &sw_id) ||
- !reader->read_data16(reader, &sw_locator))
+ !ietf_swima_attr_sw_ev_process_sw_record(reader, &action, &sw_record,
+ this->type.type == IETF_ATTR_SW_EVENTS))
{
goto end;
}
- record = chunk_empty;
- if (action == 0 || action > SWIMA_EVENT_ACTION_LAST)
+ if (action == SWIMA_EVENT_ACTION_NONE ||
+ action > SWIMA_EVENT_ACTION_LAST)
{
DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names,
PEN_IETF, ietf_attr_names, this->type.type);
*offset = this->offset;
+ sw_record->destroy(sw_record);
reader->destroy(reader);
return FAILED;
}
- if (this->type.type == IETF_ATTR_SW_EVENTS &&
- !reader->read_data32(reader, &record))
- {
- goto end;
- }
- data_model = pen_type_create(data_model_pen, data_model_type);
- sw_record = swima_record_create(record_id, sw_id, sw_locator);
- sw_record->set_data_model(sw_record, data_model);
- sw_record->set_source_id(sw_record, source_id);
- sw_record->set_record(sw_record, record);
sw_event = swima_event_create(eid, timestamp, action, sw_record);
this->events->add(this->events, sw_event);
this->offset += this->value.len - reader->remaining(reader);
diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
index ee5b16b92..8035dbb07 100644
--- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
+++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t
/**
* Software [Identifier] Inventory
- * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC
+ * see sections 5.8/5.10 of RFC 8412 SWIMA
*
* 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -43,7 +43,9 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Data Model Type PEN |Data Model Type|
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Source ID Num | Software Identifier Length |Software Id (v)|
+ * | Source ID Num | Reserved | Software Identifier Length |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Software Identifier (Variable Length) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Software Locator Length | Software Locator (Var. Len) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -148,15 +150,18 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
this->noskip_flag = noskip;
}
+/**
+ * This function is shared with ietf_swima_attr_sw_ev.c
+ **/
+extern void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer,
+ uint8_t action, swima_record_t *sw_record, bool has_record);
+
METHOD(pa_tnc_attr_t, build, void,
private_ietf_swima_attr_sw_inv_t *this)
{
bio_writer_t *writer;
swima_record_t *sw_record;
- chunk_t sw_id, sw_locator, record;
- pen_type_t data_model;
- uint32_t record_id, last_eid, eid_epoch;
- uint8_t source_id;
+ uint32_t last_eid, eid_epoch;
enumerator_t *enumerator;
if (this->value.ptr)
@@ -175,23 +180,8 @@ METHOD(pa_tnc_attr_t, build, void,
enumerator = this->inventory->create_enumerator(this->inventory);
while (enumerator->enumerate(enumerator, &sw_record))
{
- record_id = sw_record->get_record_id(sw_record);
- data_model = sw_record->get_data_model(sw_record);
- source_id = sw_record->get_source_id(sw_record);
- sw_id = sw_record->get_sw_id(sw_record, &sw_locator);
-
- writer->write_uint32(writer, record_id);
- writer->write_uint24(writer, data_model.vendor_id);
- writer->write_uint8 (writer, data_model.type);
- writer->write_uint8 (writer, source_id);
- writer->write_data16(writer, sw_id);
- writer->write_data16(writer, sw_locator);
-
- if (this->type.type == IETF_ATTR_SW_INVENTORY)
- {
- record = sw_record->get_record(sw_record);
- writer->write_data32(writer, record);
- }
+ ietf_swima_attr_sw_ev_build_sw_record(writer, 0x00, sw_record,
+ this->type.type == IETF_ATTR_SW_INVENTORY);
}
enumerator->destroy(enumerator);
@@ -201,14 +191,17 @@ METHOD(pa_tnc_attr_t, build, void,
writer->destroy(writer);
}
+/**
+ * This function is shared with ietf_swima_attr_sw_ev.c
+ **/
+extern bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader,
+ uint8_t *action, swima_record_t **sw_record, bool has_record);
+
METHOD(pa_tnc_attr_t, process, status_t,
private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset)
{
bio_reader_t *reader;
- uint32_t data_model_pen, record_id, last_eid, eid_epoch;
- uint8_t data_model_type, source_id;
- pen_type_t data_model;
- chunk_t sw_id, sw_locator, record;
+ uint32_t last_eid, eid_epoch;
swima_record_t *sw_record;
status_t status = NEED_MORE;
@@ -241,27 +234,12 @@ METHOD(pa_tnc_attr_t, process, status_t,
while (this->record_count)
{
- if (!reader->read_uint32(reader, &record_id) ||
- !reader->read_uint24(reader, &data_model_pen) ||
- !reader->read_uint8 (reader, &data_model_type) ||
- !reader->read_uint8 (reader, &source_id) ||
- !reader->read_data16(reader, &sw_id) ||
- !reader->read_data16(reader, &sw_locator))
+ if (!ietf_swima_attr_sw_ev_process_sw_record(reader, NULL, &sw_record,
+ this->type.type == IETF_ATTR_SW_INVENTORY))
{
goto end;
}
- record = chunk_empty;
- if (this->type.type == IETF_ATTR_SW_INVENTORY &&
- !reader->read_data32(reader, &record))
- {
- goto end;
- }
- data_model = pen_type_create(data_model_pen, data_model_type);
- sw_record = swima_record_create(record_id, sw_id, sw_locator);
- sw_record->set_data_model(sw_record, data_model);
- sw_record->set_source_id(sw_record, source_id);
- sw_record->set_record(sw_record, record);
this->inventory->add(this->inventory, sw_record);
this->offset += this->value.len - reader->remaining(reader);
this->value = reader->peek(reader);
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c
index 3a7a16bc2..ec44d587f 100644
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -74,6 +74,11 @@ struct private_imc_agent_t {
rwlock_t *connection_lock;
/**
+ * Is the transport protocol PT-TLS?
+ */
+ bool has_pt_tls;
+
+ /**
* Inform a TNCC about the set of message types the IMC is able to receive
*
* @param imc_id IMC ID assigned by TNCC
@@ -372,6 +377,8 @@ METHOD(imc_agent_t, create_state, TNC_Result,
DBG2(DBG_IMC, " over %s %s with maximum PA-TNC message size of %u bytes",
t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
+ this->has_pt_tls = streq(t_p, "IF-T for TLS");
+
free(tnccs_p);
free(tnccs_v);
free(t_p);
@@ -403,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
imc_state_t **state_p)
{
imc_state_t *state;
+ TNC_ConnectionState old_state;
switch (new_state)
{
@@ -418,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result,
this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'",
this->id, this->name, connection_id,
TNC_Connection_State_names, new_state);
@@ -426,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result,
{
*state_p = state;
}
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
break;
case TNC_CONNECTION_STATE_CREATE:
DBG1(DBG_IMC, "state '%N' should be handled by create_state()",
@@ -531,6 +546,12 @@ METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*,
return this->non_fatal_attr_types;
}
+METHOD(imc_agent_t, has_pt_tls, bool,
+ private_imc_agent_t *this)
+{
+ return this->has_pt_tls;
+}
+
METHOD(imc_agent_t, destroy, void,
private_imc_agent_t *this)
{
@@ -575,6 +596,7 @@ imc_agent_t *imc_agent_create(const char *name,
.create_id_enumerator = _create_id_enumerator,
.add_non_fatal_attr_type = _add_non_fatal_attr_type,
.get_non_fatal_attr_types = _get_non_fatal_attr_types,
+ .has_pt_tls = _has_pt_tls,
.destroy = _destroy,
},
.name = name,
diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h
index bac1b4832..27c749954 100644
--- a/src/libimcv/imc/imc_agent.h
+++ b/src/libimcv/imc/imc_agent.h
@@ -182,6 +182,13 @@ struct imc_agent_t {
linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this);
/**
+ * Is the transport protocol PT-TLS?
+ *
+ * return TRUE if PT-TLS
+ */
+ bool (*has_pt_tls)(imc_agent_t *this);
+
+ /**
* Destroys an imc_agent_t object
*/
void (*destroy)(imc_agent_t *this);
diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h
index d8aeab996..bd55f7356 100644
--- a/src/libimcv/imc/imc_state.h
+++ b/src/libimcv/imc/imc_state.h
@@ -92,8 +92,10 @@ struct imc_state_t {
* Change the connection state
*
* @param new_state new connection state
+ * @return old connection state
*/
- void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imc_state_t *this,
+ TNC_ConnectionState new_state);
/**
* Set the Assessment/Evaluation Result
@@ -115,6 +117,11 @@ struct imc_state_t {
TNC_IMV_Evaluation_Result *result);
/**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imc_state_t *this);
+
+ /**
* Destroys an imc_state_t object
*/
void (*destroy)(imc_state_t *this);
diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql
index 860573c31..5d5283620 100644
--- a/src/libimcv/imv/data.sql
+++ b/src/libimcv/imv/data.sql
@@ -556,6 +556,24 @@ INSERT INTO products ( /* 93 */
'Debian 8.10 x86_64'
);
+INSERT INTO products ( /* 94 */
+ name
+) VALUES (
+ 'Debian 8.11 i686'
+);
+
+INSERT INTO products ( /* 95 */
+ name
+) VALUES (
+ 'Debian 8.11 x86_64'
+);
+
+INSERT INTO products ( /* 96 */
+ name
+) VALUES (
+ 'Ubuntu 18.04 x86_64'
+);
+
/* Directories */
INSERT INTO directories ( /* 1 */
@@ -968,19 +986,19 @@ INSERT INTO groups ( /* 10 */
'Ref. Linux', 8
);
-INSERT INTO groups ( /* 11 */
+INSERT INTO groups ( /* 11 */
name
) VALUES (
'TPM BIOS'
);
-INSERT INTO groups ( /* 12 */
+INSERT INTO groups ( /* 12 */
name
) VALUES (
'TPM IMA'
);
-INSERT INTO groups ( /* 13 */
+INSERT INTO groups ( /* 13 */
name
) VALUES (
'TPM BIOS/IMA'
@@ -998,7 +1016,7 @@ INSERT INTO groups ( /* 15 */
'Debian armv7l', 2
);
-INSERT INTO groups ( /* 16 */
+INSERT INTO groups ( /* 16 */
name
) VALUES (
'TPM TBOOT'
@@ -1123,6 +1141,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 4, 94
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
5, 2
);
@@ -1237,6 +1261,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 5, 95
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
6, 9
);
@@ -1387,6 +1417,12 @@ INSERT INTO groups_product_defaults (
INSERT INTO groups_product_defaults (
group_id, product_id
) VALUES (
+ 7, 96
+);
+
+INSERT INTO groups_product_defaults (
+ group_id, product_id
+) VALUES (
3, 21
);
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c
index bb0b3b75b..14623ad8d 100644
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
imv_state_t **state_p)
{
imv_state_t *state;
+ TNC_ConnectionState old_state;
switch (new_state)
{
@@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result,
this->id, this->name, connection_id);
return TNC_RESULT_FATAL;
}
- state->change_state(state, new_state);
+ old_state = state->change_state(state, new_state);
DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'",
this->id, this->name, connection_id,
TNC_Connection_State_names, new_state);
@@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result,
{
*state_p = state;
}
+ if (new_state == TNC_CONNECTION_STATE_HANDSHAKE &&
+ old_state != TNC_CONNECTION_STATE_CREATE)
+ {
+ state->reset(state);
+ DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u",
+ this->id, this->name, connection_id);
+ }
break;
case TNC_CONNECTION_STATE_CREATE:
DBG1(DBG_IMV, "state '%N' should be handled by create_state()",
@@ -643,7 +651,7 @@ METHOD(enumerator_t, language_enumerator_enumerate, bool,
if (pos)
{
len = pos - this->lang_pos;
- this->lang_pos += len + 1,
+ this->lang_pos += len + 1;
this->lang_len -= len + 1;
}
else
diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c
index b444abdbb..03f583204 100644
--- a/src/libimcv/imv/imv_database.c
+++ b/src/libimcv/imv/imv_database.c
@@ -143,7 +143,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
}
/* create a new session entry */
- created = session->get_creation_time(session);
+ created = time(NULL);
conn_id = session->get_connection_id(session);
this->db->execute(this->db, &session_id,
"INSERT INTO sessions (time, connection, product, device) "
@@ -161,6 +161,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session)
return FALSE;
}
session->set_session_id(session, session_id, pid, did);
+ session->set_creation_time(session, created);
enumerator = session->create_ar_identities_enumerator(session);
while (enumerator->enumerate(enumerator, &tnc_id))
diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c
index bc6b5a8d1..830dd48d4 100644
--- a/src/libimcv/imv/imv_session.c
+++ b/src/libimcv/imv/imv_session.c
@@ -121,6 +121,12 @@ METHOD(imv_session_t, get_connection_id, TNC_ConnectionID,
return this->conn_id;
}
+METHOD(imv_session_t, set_creation_time, void,
+ private_imv_session_t *this, time_t created)
+{
+ this->created = created;
+}
+
METHOD(imv_session_t, get_creation_time, time_t,
private_imv_session_t *this)
{
@@ -259,7 +265,7 @@ METHOD(imv_session_t, destroy, void,
/**
* See header
*/
-imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
+imv_session_t *imv_session_create(TNC_ConnectionID conn_id,
linked_list_t *ar_identities)
{
private_imv_session_t *this;
@@ -269,6 +275,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.set_session_id = _set_session_id,
.get_session_id = _get_session_id,
.get_connection_id = _get_connection_id,
+ .set_creation_time = _set_creation_time,
.get_creation_time = _get_creation_time,
.create_ar_identities_enumerator = _create_ar_identities_enumerator,
.get_os_info = _get_os_info,
@@ -286,7 +293,6 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created,
.destroy = _destroy,
},
.conn_id = conn_id,
- .created = created,
.ar_identities = ar_identities,
.os_info = imv_os_info_create(),
.workitems = linked_list_create(),
diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h
index 107716f30..a2f6fc2a8 100644
--- a/src/libimcv/imv/imv_session.h
+++ b/src/libimcv/imv/imv_session.h
@@ -63,6 +63,13 @@ struct imv_session_t {
TNC_ConnectionID (*get_connection_id)(imv_session_t *this);
/**
+ * Set session creation time
+ *
+ * @param created Session creation time
+ */
+ void (*set_creation_time)(imv_session_t *this, time_t created);
+
+ /**
* Get session creation time
*
* @return Session creation time
@@ -170,10 +177,9 @@ struct imv_session_t {
* Create an imv_session_t instance
*
* @param id Associated Connection ID
- * @param created Session creation time
* @param ar_identities List of Access Requestor identities
*/
-imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created,
- linked_list_t *ar_identities);
+imv_session_t* imv_session_create(TNC_ConnectionID id,
+ linked_list_t *ar_identities);
#endif /** IMV_SESSION_H_ @}*/
diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c
index c97602998..2e3cfa466 100644
--- a/src/libimcv/imv/imv_session_manager.c
+++ b/src/libimcv/imv/imv_session_manager.c
@@ -51,7 +51,6 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator_t *enumerator;
tncif_identity_t *tnc_id;
imv_session_t *current, *session = NULL;
- time_t created;
this->mutex->lock(this->mutex);
@@ -105,8 +104,7 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*,
enumerator->destroy(enumerator);
/* create a new session entry */
- created = time(NULL);
- session = imv_session_create(conn_id, created, ar_identities);
+ session = imv_session_create(conn_id, ar_identities);
this->sessions->insert_last(this->sessions, session);
this->mutex->unlock(this->mutex);
diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h
index 30ed612b3..4571da2fa 100644
--- a/src/libimcv/imv/imv_state.h
+++ b/src/libimcv/imv/imv_state.h
@@ -119,8 +119,10 @@ struct imv_state_t {
* Change the connection state
*
* @param new_state new connection state
+ * @return old connection state
*/
- void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state);
+ TNC_ConnectionState (*change_state)(imv_state_t *this,
+ TNC_ConnectionState new_state);
/**
* Get IMV action recommendation and evaluation result
@@ -182,6 +184,11 @@ struct imv_state_t {
char **uri);
/**
+ * Resets the state for a new measurement cycle triggered by a SRETRY batch
+ */
+ void (*reset)(imv_state_t *this);
+
+ /**
* Destroys an imv_state_t object
*/
void (*destroy)(imv_state_t *this);
diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in
index bc079ff12..4817d3fc5 100644
--- a/src/libimcv/plugins/imc_attestation/Makefile.in
+++ b/src/libimcv/plugins/imc_attestation/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c
index 0dd88b6a7..f592a5134 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c
@@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_attestation_state_create(connection_id);
return imc_attestation->create_state(imc_attestation, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_attestation->change_state(imc_attestation, connection_id,
- new_state, &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_attestation->delete_state(imc_attestation, connection_id);
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- case TNC_CONNECTION_STATE_ACCESS_NONE:
default:
return imc_attestation->change_state(imc_attestation, connection_id,
new_state, NULL);
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
index b789a2104..f8e0b8d2c 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_attestation_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->components->destroy_offset(this->components,
+ offsetof(pts_component_t, destroy));
+ this->components = linked_list_create();
+ this->list->destroy_offset(this->list,
+ offsetof(pts_comp_evidence_t, destroy));
+ this->list = linked_list_create();
+ this->pts->destroy(this->pts);
+ this->pts = pts_create(TRUE);
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_attestation_state_t *this)
{
@@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
.get_pts = _get_pts,
diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in
index 1b71b26d0..e6074a35c 100644
--- a/src/libimcv/plugins/imc_hcd/Makefile.in
+++ b/src/libimcv/plugins/imc_hcd/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd.c b/src/libimcv/plugins/imc_hcd/imc_hcd.c
index b631683ce..09ba8bc0b 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c
@@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_hcd_state_create(connection_id);
return imc_hcd->create_state(imc_hcd, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_hcd->change_state(imc_hcd, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_hcd->delete_state(imc_hcd, connection_id);
default:
@@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg)
if (hex_string)
{
blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-
+
DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE,
&blob);
attr = generic_attr_chunk_create(blob,
@@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg)
if (hex_string)
{
blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-
+
DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CONFIGURATION_STATE,
&blob);
attr = generic_attr_chunk_create(blob,
@@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad)
"%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version",
"", lib->ns, section, quad->section, app);
hex_version = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
+ "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
hex_version_default, lib->ns, section, quad->section, app);
/* convert hex string into binary chunk */
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
index 60ccdce81..b2207f28a 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_hcd_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_hcd_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_hcd_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in
index e62c04bea..4821d43f7 100644
--- a/src/libimcv/plugins/imc_os/Makefile.in
+++ b/src/libimcv/plugins/imc_os/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c
index d7b508ab9..a10492e04 100644
--- a/src/libimcv/plugins/imc_os/imc_os.c
+++ b/src/libimcv/plugins/imc_os/imc_os.c
@@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_os_state_create(connection_id);
return imc_os->create_state(imc_os, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_os->change_state(imc_os, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_os->delete_state(imc_os, connection_id);
default:
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index a38696a81..d26454719 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_os_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_os_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_os_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index a054a475b..c55ac867c 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c
index 93ed4271b..c4fc254cf 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c
@@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_scanner_state_create(connection_id);
return imc_scanner->create_state(imc_scanner, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_scanner->change_state(imc_scanner, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_scanner->delete_state(imc_scanner, connection_id);
default:
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index c1b7a50e4..2a2214841 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_scanner_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_scanner_state_t *this)
{
@@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
},
diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am
deleted file mode 100644
index 22f2e3762..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.am
+++ /dev/null
@@ -1,36 +0,0 @@
-regid = strongswan.org
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)__$(unique_sw_id).swidtag
-
-swiddir = $(pkgdatadir)/swidtag
-dist_swid_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)__strongSwan.swidtag.in
-CLEANFILES = $(regid)__strongSwan*.swidtag
-
-$(swid_tag) : $(regid)__strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
-
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
deleted file mode 100644
index f58935f2e..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ /dev/null
@@ -1,831 +0,0 @@
-# Makefile.in generated by automake 1.15 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2014 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-subdir = src/libimcv/plugins/imc_swid
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
- $(top_srcdir)/m4/config/ltoptions.m4 \
- $(top_srcdir)/m4/config/ltsugar.m4 \
- $(top_srcdir)/m4/config/ltversion.m4 \
- $(top_srcdir)/m4/config/lt~obsolete.m4 \
- $(top_srcdir)/m4/macros/split-package-version.m4 \
- $(top_srcdir)/m4/macros/with.m4 \
- $(top_srcdir)/m4/macros/enable-disable.m4 \
- $(top_srcdir)/m4/macros/add-plugin.m4 \
- $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
-imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo
-imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/depcomp
-am__depfiles_maybe = depfiles
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(imc_swid_la_SOURCES)
-DIST_SOURCES = $(imc_swid_la_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-DATA = $(dist_swid_DATA)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-ALLOCA = @ALLOCA@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-ATOMICLIB = @ATOMICLIB@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BFDLIB = @BFDLIB@
-BTLIB = @BTLIB@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CFLAGS = @CFLAGS@
-COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
-COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLIB = @DLLIB@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-EASY_INSTALL = @EASY_INSTALL@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
-GEM = @GEM@
-GENHTML = @GENHTML@
-GPERF = @GPERF@
-GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
-GPRBUILD = @GPRBUILD@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-LCOV = @LCOV@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBOBJS = @LIBOBJS@
-LIBS = @LIBS@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MYSQLCFLAG = @MYSQLCFLAG@
-MYSQLCONFIG = @MYSQLCONFIG@
-MYSQLLIB = @MYSQLLIB@
-NM = @NM@
-NMEDIT = @NMEDIT@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OPENSSL_LIB = @OPENSSL_LIB@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
-PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
-PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
-PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PERL = @PERL@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
-PTHREADLIB = @PTHREADLIB@
-PYTHON = @PYTHON@
-PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
-PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
-PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
-PYTHON_PLATFORM = @PYTHON_PLATFORM@
-PYTHON_PREFIX = @PYTHON_PREFIX@
-PYTHON_VERSION = @PYTHON_VERSION@
-PY_TEST = @PY_TEST@
-RANLIB = @RANLIB@
-RTLIB = @RTLIB@
-RUBY = @RUBY@
-RUBYGEMDIR = @RUBYGEMDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-SOCKLIB = @SOCKLIB@
-STRIP = @STRIP@
-UNWINDLIB = @UNWINDLIB@
-VERSION = @VERSION@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-aikgen_plugins = @aikgen_plugins@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-attest_plugins = @attest_plugins@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-c_plugins = @c_plugins@
-charon_natt_port = @charon_natt_port@
-charon_plugins = @charon_plugins@
-charon_udp_port = @charon_udp_port@
-clearsilver_LIBS = @clearsilver_LIBS@
-cmd_plugins = @cmd_plugins@
-datadir = @datadir@
-datarootdir = @datarootdir@
-dev_headers = @dev_headers@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-fips_mode = @fips_mode@
-fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-imcvdir = @imcvdir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-ipsec_script = @ipsec_script@
-ipsec_script_upper = @ipsec_script_upper@
-ipsecdir = @ipsecdir@
-ipsecgroup = @ipsecgroup@
-ipseclibdir = @ipseclibdir@
-ipsecuser = @ipsecuser@
-json_CFLAGS = @json_CFLAGS@
-json_LIBS = @json_LIBS@
-libdir = @libdir@
-libexecdir = @libexecdir@
-libfuzzer = @libfuzzer@
-libiptc_CFLAGS = @libiptc_CFLAGS@
-libiptc_LIBS = @libiptc_LIBS@
-linux_headers = @linux_headers@
-localedir = @localedir@
-localstatedir = @localstatedir@
-manager_plugins = @manager_plugins@
-mandir = @mandir@
-medsrv_plugins = @medsrv_plugins@
-mkdir_p = @mkdir_p@
-nm_CFLAGS = @nm_CFLAGS@
-nm_LIBS = @nm_LIBS@
-nm_ca_dir = @nm_ca_dir@
-nm_plugins = @nm_plugins@
-oldincludedir = @oldincludedir@
-p_plugins = @p_plugins@
-pcsclite_CFLAGS = @pcsclite_CFLAGS@
-pcsclite_LIBS = @pcsclite_LIBS@
-pdfdir = @pdfdir@
-piddir = @piddir@
-pkgpyexecdir = @pkgpyexecdir@
-pkgpythondir = @pkgpythondir@
-pki_plugins = @pki_plugins@
-plugindir = @plugindir@
-pool_plugins = @pool_plugins@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-pyexecdir = @pyexecdir@
-pythondir = @pythondir@
-random_device = @random_device@
-resolv_conf = @resolv_conf@
-routing_table = @routing_table@
-routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
-runstatedir = @runstatedir@
-s_plugins = @s_plugins@
-sbindir = @sbindir@
-scepclient_plugins = @scepclient_plugins@
-scripts_plugins = @scripts_plugins@
-sharedstatedir = @sharedstatedir@
-soup_CFLAGS = @soup_CFLAGS@
-soup_LIBS = @soup_LIBS@
-srcdir = @srcdir@
-starter_plugins = @starter_plugins@
-strongswan_conf = @strongswan_conf@
-strongswan_options = @strongswan_options@
-swanctldir = @swanctldir@
-sysconfdir = @sysconfdir@
-systemd_CFLAGS = @systemd_CFLAGS@
-systemd_LIBS = @systemd_LIBS@
-systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
-systemd_daemon_LIBS = @systemd_daemon_LIBS@
-systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
-systemd_journal_LIBS = @systemd_journal_LIBS@
-systemdsystemunitdir = @systemdsystemunitdir@
-t_plugins = @t_plugins@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-tss2_CFLAGS = @tss2_CFLAGS@
-tss2_LIBS = @tss2_LIBS@
-tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
-tss2_socket_LIBS = @tss2_socket_LIBS@
-tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
-tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
-urandom_device = @urandom_device@
-xml_CFLAGS = @xml_CFLAGS@
-xml_LIBS = @xml_LIBS@
-regid = strongswan.org
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)__$(unique_sw_id).swidtag
-swiddir = $(pkgdatadir)/swidtag
-dist_swid_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)__strongSwan.swidtag.in
-CLEANFILES = $(regid)__strongSwan*.swidtag
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .o .obj
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
- }
-
-uninstall-imcvLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
- done
-
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid_state.Plo@am__quote@
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
-@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
-@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
-@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-dist_swidDATA: $(dist_swid_DATA)
- @$(NORMAL_INSTALL)
- @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \
- fi; \
- for p in $$list; do \
- if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; \
- done | $(am__base_list) | \
- while read files; do \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \
- done
-
-uninstall-dist_swidDATA:
- @$(NORMAL_UNINSTALL)
- @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \
- files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
- dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-distdir: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
-check: check-am
-all-am: Makefile $(LTLIBRARIES) $(DATA)
-installdirs:
- for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
-clean: clean-am
-
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
-
-distclean: distclean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am:
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man:
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES
-
-.MAKE: install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dist_swidDATA install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-imcvLTLIBRARIES install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \
- uninstall-imcvLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-
-$(swid_tag) : $(regid)__strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c
deleted file mode 100644
index 1468a59cc..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include <imc/imc_agent.h>
-#include <imc/imc_msg.h>
-#include "tcg/seg/tcg_seg_attr_max_size.h"
-#include "tcg/seg/tcg_seg_attr_seg_env.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "swid/swid_inventory.h"
-#include "swid/swid_error.h"
-
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-
-/* IMC definitions */
-
-static const char imc_name[] = "SWID";
-
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-static imc_agent_t *imc_swid;
-
-/**
- * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
- TNC_Version min_version,
- TNC_Version max_version,
- TNC_Version *actual_version)
-{
- if (imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
- return TNC_RESULT_ALREADY_INITIALIZED;
- }
- imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types),
- imc_id, actual_version);
- if (!imc_swid)
- {
- return TNC_RESULT_FATAL;
- }
- if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1)
- {
- DBG1(DBG_IMC, "no common IF-IMC version");
- return TNC_RESULT_NO_COMMON_VERSION;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_ConnectionState new_state)
-{
- imc_state_t *state;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imc_swid_state_create(connection_id);
- return imc_swid->create_state(imc_swid, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_swid->change_state(imc_swid, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
- case TNC_CONNECTION_STATE_DELETE:
- return imc_swid->delete_state(imc_swid, connection_id);
- default:
- return imc_swid->change_state(imc_swid, connection_id,
- new_state, NULL);
- }
-}
-
-/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- imc_state_t *state;
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- size_t max_attr_size = SWID_MAX_ATTR_SIZE;
- size_t max_seg_size;
- char buf[BUF_LEN];
- TNC_Result result = TNC_RESULT_SUCCESS;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMV */
- contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
- TRUE, imc_id, TRUE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMC, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
-
- /* send PA-TNC message with the excl flag not set */
- out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id,
- TNC_IMVID_ANY, msg_types[0]);
- out_msg->add_attribute(out_msg, attr);
- result = out_msg->send(out_msg, FALSE);
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * Add one or multiple SWID Inventory attributes to the send queue
- */
-static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
- uint32_t request_id, bool full_tags,
- swid_inventory_t *targets)
-{
- pa_tnc_attr_t *attr, *attr_error;
- imc_swid_state_t *swid_state;
- swid_inventory_t *swid_inventory;
- char *swid_directory;
- uint32_t eid_epoch;
- bool swid_pretty, swid_full;
- enumerator_t *enumerator;
-
- swid_directory = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-swid.swid_directory",
- SWID_DIRECTORY, lib->ns);
- swid_pretty = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_pretty",
- FALSE, lib->ns);
- swid_full = lib->settings->get_bool(lib->settings,
- "%s.plugins.imc-swid.swid_full",
- FALSE, lib->ns);
-
- swid_inventory = swid_inventory_create(full_tags);
- if (!swid_inventory->collect(swid_inventory, swid_directory, targets,
- swid_pretty, swid_full))
- {
- swid_inventory->destroy(swid_inventory);
- attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
- 0, "error in SWID tag collection");
- msg->add_attribute(msg, attr_error);
- return FALSE;
- }
- DBG1(DBG_IMC, "collected %d SWID tag%s%s",
- swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID",
- swid_inventory->get_count(swid_inventory) == 1 ? "" : "s");
-
- swid_state = (imc_swid_state_t*)state;
- eid_epoch = swid_state->get_eid_epoch(swid_state);
-
- if (full_tags)
- {
- tcg_swid_attr_tag_inv_t *swid_attr;
- swid_tag_t *tag;
-
- /* Send a TCG SWID Tag Inventory attribute */
- attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1);
- swid_attr = (tcg_swid_attr_tag_inv_t*)attr;
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- swid_attr->add(swid_attr, tag->get_ref(tag));
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- tcg_swid_attr_tag_id_inv_t *swid_id_attr;
- swid_tag_id_t *tag_id;
-
- /* Send a TCG SWID Tag ID Inventory attribute */
- attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1);
- swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr;
-
- enumerator = swid_inventory->create_enumerator(swid_inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id));
- }
- enumerator->destroy(enumerator);
- }
-
- msg->add_attribute(msg, attr);
- swid_inventory->destroy(swid_inventory);
-
- return TRUE;
-}
-
-static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
-{
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- enumerator_t *enumerator;
- pen_type_t type;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* generate an outgoing PA-TNC message - we might need it */
- out_msg = imc_msg_create_as_reply(in_msg);
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, out_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- out_msg->destroy(out_msg);
- return result;
- }
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- tcg_swid_attr_req_t *attr_req;
- uint8_t flags;
- uint32_t request_id;
- bool full_tags;
- swid_inventory_t *targets;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST)
- {
- continue;
- }
-
- attr_req = (tcg_swid_attr_req_t*)attr;
- flags = attr_req->get_flags(attr_req);
- request_id = attr_req->get_request_id(attr_req);
- targets = attr_req->get_targets(attr_req);
-
- if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C))
- {
- attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id,
- 0, "no subscription available yet");
- out_msg->add_attribute(out_msg, attr);
- break;
- }
- full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0;
-
- if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets))
- {
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- result = TNC_RESULT_FATAL;
- }
- else
- {
- /* send PA-TNC message with the EXCL flag set */
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3
-
- */
-TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_MessageType msg_type)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type,
- chunk_create(msg, msg_len));
- result = receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3
- */
-TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id,
- TNC_UInt32 msg_flags,
- TNC_BufferReference msg,
- TNC_UInt32 msg_len,
- TNC_VendorID msg_vid,
- TNC_MessageSubtype msg_subtype,
- TNC_UInt32 src_imv_id,
- TNC_UInt32 dst_imc_id)
-{
- imc_state_t *state;
- imc_msg_t *in_msg;
- TNC_Result result;
-
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swid->get_state(imc_swid, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id,
- src_imv_id, dst_imc_id,msg_vid, msg_subtype,
- chunk_create(msg, msg_len));
- result =receive_message(state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-/**
- * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- imc_swid->destroy(imc_swid);
- imc_swid = NULL;
-
- return TNC_RESULT_SUCCESS;
-}
-
-/**
- * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id,
- TNC_TNCC_BindFunctionPointer bind_function)
-{
- if (!imc_swid)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- return imc_swid->bind_functions(imc_swid, bind_function);
-}
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c
deleted file mode 100644
index 8d5e8e089..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imc_swid_state.h"
-
-#include <tncif_names.h>
-
-#include <utils/debug.h>
-
-typedef struct private_imc_swid_state_t private_imc_swid_state_t;
-
-/**
- * Private data of an imc_swid_state_t object.
- */
-struct private_imc_swid_state_t {
-
- /**
- * Public members of imc_swid_state_t
- */
- imc_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Assessment/Evaluation Result
- */
- TNC_IMV_Evaluation_Result result;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * PA-TNC attribute segmentation contracts associated with TNCCS connection
- */
- seg_contract_manager_t *contracts;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-};
-
-METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
- private_imc_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imc_state_t, has_long, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imc_state_t, has_excl, bool,
- private_imc_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imc_state_t, set_flags, void,
- private_imc_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imc_state_t, set_max_msg_len, void,
- private_imc_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imc_state_t, get_max_msg_len, uint32_t,
- private_imc_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
- private_imc_swid_state_t *this)
-{
- return this->contracts;
-}
-
-METHOD(imc_state_t, change_state, void,
- private_imc_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imc_state_t, set_result, void,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result result)
-{
- this->result = result;
-}
-
-METHOD(imc_state_t, get_result, bool,
- private_imc_swid_state_t *this, TNC_IMCID id,
- TNC_IMV_Evaluation_Result *result)
-{
- if (result)
- {
- *result = this->result;
- }
- return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
-}
-
-METHOD(imc_state_t, destroy, void,
- private_imc_swid_state_t *this)
-{
- this->contracts->destroy(this->contracts);
- free(this);
-}
-
-METHOD(imc_swid_state_t, get_eid_epoch, uint32_t,
- private_imc_swid_state_t *this)
-{
- return this->eid_epoch;
-}
-
-/**
- * Described in header.
- */
-imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imc_swid_state_t *this;
- uint32_t eid_epoch;
- nonce_gen_t *ng;
-
- ng = lib->crypto->create_nonce_gen(lib->crypto);
- if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch))
- {
- DBG1(DBG_TNC, "failed to generate random EID epoch value");
- DESTROY_IF(ng);
- return NULL;
- }
- ng->destroy(ng);
-
- DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch);
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .get_contracts = _get_contracts,
- .change_state = _change_state,
- .set_result = _set_result,
- .get_result = _get_result,
- .destroy = _destroy,
- },
- .get_eid_epoch = _get_eid_epoch,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .contracts = seg_contract_manager_create(),
- .eid_epoch = eid_epoch,
- );
-
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h
deleted file mode 100644
index c658549c8..000000000
--- a/src/libimcv/plugins/imc_swid/imc_swid_state.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imc_swid imc_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imc_swid_state_t imc_swid_state
- * @{ @ingroup imc_swid
- */
-
-#ifndef IMC_SWID_STATE_H_
-#define IMC_SWID_STATE_H_
-
-#include <imc/imc_state.h>
-#include <library.h>
-
-typedef struct imc_swid_state_t imc_swid_state_t;
-
-/**
- * Internal state of an imc_swid_t connection instance
- */
-struct imc_swid_state_t {
-
- /**
- * imc_state_t interface
- */
- imc_state_t interface;
-
- /**
- * Get Event ID Epoch
- *
- * @return Event ID Epoch
- */
- uint32_t (*get_eid_epoch)(imc_swid_state_t *this);
-
-};
-
-/**
- * Create an imc_swid_state_t instance
- *
- * @param id connection ID
- */
-imc_state_t* imc_swid_state_create(TNC_ConnectionID id);
-
-#endif /** IMC_SWID_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
deleted file mode 100644
index 4ce168623..000000000
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
- name="strongSwan"
- tagId="strongSwan-5-6-3"
- version="5.6.3" versionScheme="alphanumeric"
- xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
- <Entity
- name="strongSwan Project"
- regid="strongswan.org"
- role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in
deleted file mode 100644
index 0e5aa8d4d..000000000
--- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in
+++ /dev/null
@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<SoftwareIdentity
- name="strongSwan"
- tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@"
- version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric"
- xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
- <Entity
- name="strongSwan Project"
- regid="strongswan.org"
- role="softwareCreator licensor tagCreator"/>
-</SoftwareIdentity>
diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am
index 4a29e7949..e31f98d33 100644
--- a/src/libimcv/plugins/imc_swima/Makefile.am
+++ b/src/libimcv/plugins/imc_swima/Makefile.am
@@ -19,11 +19,13 @@ $(swid_tag) : $(regid)__strongSwan.swidtag.in
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"
AM_CFLAGS = \
$(PLUGIN_CFLAGS) $(json_CFLAGS)
+
imcv_LTLIBRARIES = imc-swima.la
imc_swima_la_LIBADD = \
diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in
index ed2191921..62805151e 100644
--- a/src/libimcv/plugins/imc_swima/Makefile.in
+++ b/src/libimcv/plugins/imc_swima/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -460,7 +461,8 @@ CLEANFILES = $(regid)__strongSwan*.swidtag
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libimcv \
+ -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"
AM_CFLAGS = \
$(PLUGIN_CFLAGS) $(json_CFLAGS)
diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c
index 67080e050..be258d335 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima.c
@@ -30,6 +30,17 @@
#include <pen/pen.h>
#include <utils/debug.h>
+#include <errno.h>
+#include <poll.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/inotify.h>
+#include <unistd.h>
+
+#ifndef SW_COLLECTOR
+#define SW_COLLECTOR NULL
+#endif
+
/* IMC definitions */
static const char imc_name[] = "SWIMA";
@@ -68,6 +79,75 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
}
/**
+ * Poll for IN_CLOSE_WRITE event on the apt history.log
+ */
+static bool poll_history_log(void)
+{
+ int fd, wd, res;
+ nfds_t nfds;
+ struct pollfd fds[1];
+ char *history_path;
+ bool success = FALSE;
+
+ history_path = lib->settings->get_str(lib->settings, "sw-collector.history",
+ NULL);
+ if (!history_path)
+ {
+ DBG1(DBG_IMC, "sw-collector.history path not set");
+ return FALSE;
+ }
+
+ /* Create the file descriptor for accessing the inotify API */
+ fd = inotify_init1(IN_NONBLOCK);
+ if (fd == -1)
+ {
+ DBG1(DBG_IMC, "inotify file descriptor could not be created");
+ return FALSE;
+ }
+
+ /* Watch for CLOSE_WRITE events on history log */
+ wd = inotify_add_watch(fd, history_path, IN_CLOSE_WRITE);
+ if (wd == -1)
+ {
+ DBG1(DBG_IMC, "cannot watch '%s'", history_path);
+ goto end;
+ }
+
+ /* Prepare for polling */
+ nfds = 1;
+
+ /* Inotify input */
+ fds[0].fd = fd;
+ fds[0].events = POLLIN;
+
+ while (1)
+ {
+ DBG1(DBG_IMC, " waiting for write event on history.log ...");
+
+ res = poll(fds, nfds, -1);
+ if (res == -1)
+ {
+ DBG1(DBG_IMC, " poll failed: %s", strerror(errno));
+ if (errno == EINTR)
+ {
+ continue;
+ }
+ goto end;
+ }
+ if (res > 0 && fds[0].revents & POLLIN)
+ {
+ DBG1(DBG_IMC, " poll successful");
+ success = TRUE;
+ break;
+ }
+ }
+
+end:
+ close(fd);
+ return success;
+}
+
+/**
* see section 3.8.2 of TCG TNC IF-IMC Specification 1.3
*/
TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
@@ -75,6 +155,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
TNC_ConnectionState new_state)
{
imc_state_t *state;
+ imc_swima_state_t *swima_state;
+ imc_swima_subscription_t *subscription;
+ TNC_IMV_Evaluation_Result res;
+ TNC_Result result;
+ uint32_t eid, eid_epoch;
if (!imc_swima)
{
@@ -86,14 +171,42 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
case TNC_CONNECTION_STATE_CREATE:
state = imc_swima_state_create(connection_id);
return imc_swima->create_state(imc_swima, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_swima->change_state(imc_swima, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
+ case TNC_CONNECTION_STATE_ACCESS_ALLOWED:
+ case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
+ case TNC_CONNECTION_STATE_ACCESS_NONE:
+ /* get updated IMC state */
+ result = imc_swima->change_state(imc_swima, connection_id,
+ new_state, &state);
+ if (result != TNC_RESULT_SUCCESS)
{
return TNC_RESULT_FATAL;
}
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
+ swima_state = (imc_swima_state_t*)state;
+
+ /* do a handshake retry? */
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ /* update earliest EID in subscription target */
+ if (state->get_result(state, imc_id, &res) &&
+ res == TNC_IMV_EVALUATION_RESULT_COMPLIANT)
+ {
+ eid = subscription->targets->get_eid(subscription->targets,
+ &eid_epoch);
+ if (eid > 0)
+ {
+ eid = swima_state->get_earliest_eid(swima_state);
+ subscription->targets->set_eid(subscription->targets, eid,
+ eid_epoch);
+ }
+ }
+ DBG1(DBG_IMC, "SWIMA subscription %u:", subscription->request_id);
+ if (!poll_history_log())
+ {
+ return TNC_RESULT_FATAL;
+ }
+ return imc_swima->request_handshake_retry(imc_id, connection_id,
+ TNC_RETRY_REASON_IMC_PERIODIC);
+ }
return TNC_RESULT_SUCCESS;
case TNC_CONNECTION_STATE_DELETE:
return imc_swima->delete_state(imc_swima, connection_id);
@@ -104,61 +217,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
}
/**
- * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
- */
-TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
- TNC_ConnectionID connection_id)
-{
- imc_state_t *state;
- imc_msg_t *out_msg;
- pa_tnc_attr_t *attr;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- size_t max_attr_size = SWIMA_MAX_ATTR_SIZE;
- size_t max_seg_size;
- char buf[BUF_LEN];
- TNC_Result result = TNC_RESULT_SUCCESS;
-
- if (!imc_swima)
- {
- DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
- return TNC_RESULT_NOT_INITIALIZED;
- }
- if (!imc_swima->get_state(imc_swima, connection_id, &state))
- {
- return TNC_RESULT_FATAL;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMV */
- contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
- TRUE, imc_id, TRUE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMC, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
-
- /* send PA-TNC message with the excl flag not set */
- out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
- TNC_IMVID_ANY, msg_types[0]);
- out_msg->add_attribute(out_msg, attr);
- result = out_msg->send(out_msg, FALSE);
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-/**
* Add SWID Inventory or Event attribute to the send queue
*/
static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
- uint32_t request_id, bool sw_id_only,
- swima_inventory_t *targets)
+ uint32_t request_id, bool sw_id_only,
+ swima_inventory_t *targets)
{
pa_tnc_attr_t *attr;
swima_collector_t *collector;
@@ -174,6 +237,8 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
{
swima_events_t *sw_ev;
ietf_swima_attr_sw_ev_t *sw_ev_attr;
+ imc_swima_state_t *swima_state;
+ uint32_t eid_epoch, last_eid = 0;
sw_ev = collector->collect_events(collector, sw_id_only, targets);
if (!sw_ev)
@@ -185,8 +250,14 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
}
else {
items = sw_ev->get_count(sw_ev);
- DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str,
- items == 1 ? "" : "s");
+ last_eid = sw_ev->get_eid(sw_ev, &eid_epoch, NULL);
+
+ DBG1(DBG_IMC, "collected %d SW%s event%s at last eid %d of epoch 0x%08x",
+ items, id_str, items == 1 ? "" : "s", last_eid, eid_epoch);
+
+ /* Store the earliest EID for the next subscription round */
+ swima_state = (imc_swima_state_t*)state;
+ swima_state->set_earliest_eid(swima_state, last_eid + 1);
/* Send an IETF SW [Identity] Events attribute */
attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE,
@@ -226,9 +297,78 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg,
collector->destroy(collector);
}
+/**
+ * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3
+ */
+TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id,
+ TNC_ConnectionID connection_id)
+{
+ imc_state_t *state;
+ imc_swima_state_t *swima_state;
+ imc_msg_t *out_msg;
+ pa_tnc_attr_t *attr;
+ seg_contract_t *contract;
+ seg_contract_manager_t *contracts;
+ imc_swima_subscription_t *subscription;
+ size_t max_attr_size = SWIMA_MAX_ATTR_SIZE;
+ size_t max_seg_size;
+ char buf[BUF_LEN];
+ TNC_Result result = TNC_RESULT_SUCCESS;
+
+ if (!imc_swima)
+ {
+ DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name);
+ return TNC_RESULT_NOT_INITIALIZED;
+ }
+ if (!imc_swima->get_state(imc_swima, connection_id, &state))
+ {
+ return TNC_RESULT_FATAL;
+ }
+ swima_state = (imc_swima_state_t*)state;
+
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ if (system(SW_COLLECTOR) != 0)
+ {
+ DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR);
+ return TNC_RESULT_FATAL;
+ }
+ out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
+ subscription->imv_id, msg_types[0]);
+ fulfill_request(state, out_msg, subscription->request_id,
+ subscription->sw_id_only, subscription->targets);
+ }
+ else
+ {
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMV */
+ contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size,
+ TRUE, imc_id, TRUE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMC, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE);
+
+ /* send PA-TNC message with the excl flag not set */
+ out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id,
+ TNC_IMVID_ANY, msg_types[0]);
+ out_msg->add_attribute(out_msg, attr);
+ }
+ result = out_msg->send(out_msg, FALSE);
+ out_msg->destroy(out_msg);
+
+ return result;
+}
+
static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
{
imc_msg_t *out_msg;
+ imc_swima_state_t *swima_state;
pa_tnc_attr_t *attr;
enumerator_t *enumerator;
pen_type_t type;
@@ -255,7 +395,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
uint32_t request_id;
bool sw_id_only;
swima_inventory_t *targets;
-
type = attr->get_type(attr);
if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SWIMA_REQUEST)
@@ -267,15 +406,55 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg)
flags = attr_req->get_flags(attr_req);
request_id = attr_req->get_request_id(attr_req);
targets = attr_req->get_targets(attr_req);
+ sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R);
if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C))
{
- attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED,
- request_id, 0, "no subscription available yet");
- out_msg->add_attribute(out_msg, attr);
- break;
+ if (imc_swima->has_pt_tls(imc_swima) &&
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.imc-swima.subscriptions", FALSE, lib->ns))
+ {
+ imc_swima_subscription_t *subscription;
+
+ swima_state = (imc_swima_state_t*)state;
+
+ if (flags & IETF_SWIMA_ATTR_REQ_FLAG_C)
+ {
+ if (swima_state->get_subscription(swima_state, &subscription))
+ {
+ DBG1(DBG_IMC, "SWIMA subscription %u cleared",
+ subscription->request_id);
+ swima_state->set_subscription(swima_state, NULL, FALSE);
+ }
+ }
+ else
+ {
+ INIT(subscription,
+ .imv_id = in_msg->get_src_id(in_msg),
+ .request_id = request_id,
+ .targets = targets->get_ref(targets),
+ .sw_id_only = sw_id_only,
+ );
+
+ swima_state->set_subscription(swima_state, subscription,
+ TRUE);
+ DBG1(DBG_IMC, "SWIMA subscription %u established",
+ subscription->request_id);
+ if (system(SW_COLLECTOR) != 0)
+ {
+ DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR);
+ out_msg->destroy(out_msg);
+ return TNC_RESULT_FATAL;
+ }
+ }
+ }
+ else
+ {
+ attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED,
+ request_id, 0, "subscriptions not enabled");
+ out_msg->add_attribute(out_msg, attr);
+ }
}
- sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R);
fulfill_request(state, out_msg, request_id, sw_id_only, targets);
break;
diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c
index 70b2434a4..55d887055 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.c
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c
@@ -65,8 +65,33 @@ struct private_imc_swima_state_t {
* PA-TNC attribute segmentation contracts associated with TNCCS connection
*/
seg_contract_manager_t *contracts;
+
+ /**
+ * Has a subscription been established?
+ */
+ bool has_subscription;
+
+ /**
+ * State information on subscriptions
+ */
+ imc_swima_subscription_t *subscription;
+
+ /**
+ * Earliest EID for the next subscription round
+ */
+ uint32_t earliest_eid;
+
};
+static void free_subscription(imc_swima_subscription_t *this)
+{
+ if (this)
+ {
+ this->targets->destroy(this->targets);
+ free(this);
+ }
+}
+
METHOD(imc_state_t, get_connection_id, TNC_ConnectionID,
private_imc_swima_state_t *this)
{
@@ -110,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_swima_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -134,13 +163,59 @@ METHOD(imc_state_t, get_result, bool,
return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_swima_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_swima_state_t *this)
{
+ free(this->subscription);
this->contracts->destroy(this->contracts);
free(this);
}
+METHOD(imc_swima_state_t, set_subscription, void,
+ private_imc_swima_state_t *this, imc_swima_subscription_t *subscription,
+ bool set)
+{
+ free_subscription(this->subscription);
+ this->has_subscription = set;
+
+ if (set)
+ {
+ this->subscription = subscription;
+ }
+ else
+ {
+ this->subscription = NULL;
+ }
+}
+
+METHOD(imc_swima_state_t, get_subscription, bool,
+ private_imc_swima_state_t *this, imc_swima_subscription_t **subscription)
+{
+ if (subscription)
+ {
+ *subscription = this->subscription;
+ }
+ return this->has_subscription;
+}
+
+METHOD(imc_swima_state_t, set_earliest_eid, void,
+ private_imc_swima_state_t *this, uint32_t eid)
+{
+ this->earliest_eid = eid;
+}
+
+METHOD(imc_swima_state_t, get_earliest_eid, uint32_t,
+ private_imc_swima_state_t *this)
+{
+ return this->earliest_eid;
+}
+
/**
* Described in header.
*/
@@ -161,15 +236,20 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id)
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
+ .set_earliest_eid = _set_earliest_eid,
+ .get_earliest_eid = _get_earliest_eid,
},
.state = TNC_CONNECTION_STATE_CREATE,
.result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
.connection_id = connection_id,
.contracts = seg_contract_manager_create(),
);
-
+
return &this->public.interface;
}
diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h
index 4e4e3b1bf..92a674ff8 100644
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.h
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h
@@ -25,9 +25,38 @@
#define IMC_SWIMA_STATE_H_
#include <imc/imc_state.h>
+#include <swima/swima_inventory.h>
#include <library.h>
typedef struct imc_swima_state_t imc_swima_state_t;
+typedef struct imc_swima_subscription_t imc_swima_subscription_t;
+
+/**
+ * State information on subscriptions
+ */
+struct imc_swima_subscription_t {
+
+ /**
+ * IMV which sent the subscription request
+ */
+ TNC_IMVID imv_id;
+
+ /**
+ * SWIMA Request ID
+ */
+ uint32_t request_id;
+
+ /**
+ * SWIMA Request targets
+ */
+ swima_inventory_t *targets;
+
+ /**
+ * Retrieve SW Identifieres only
+ */
+ bool sw_id_only;
+
+};
/**
* Internal state of an imc_swima_t connection instance
@@ -39,6 +68,37 @@ struct imc_swima_state_t {
*/
imc_state_t interface;
+ /**
+ * Set or clear a subscription
+ *
+ * @param subscription state information on subscription
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imc_swima_state_t *this,
+ imc_swima_subscription_t *subscription, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @param subscription state information on subscription
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imc_swima_state_t *this,
+ imc_swima_subscription_t**subscription);
+
+ /**
+ * Set the earliest EID for the next subscription round
+ *
+ * @param eid Earliest EID for events or 0 for inventories
+ */
+ void (*set_earliest_eid)(imc_swima_state_t *this, uint32_t eid);
+
+ /**
+ * Get earliest EID for the next subscription round
+ *
+ * @return Earliest EID for events or 0 for inventories
+ */
+ uint32_t (*get_earliest_eid)(imc_swima_state_t *this);
};
/**
diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag
index 4ce168623..fa6e121b5 100644
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag
+++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<SoftwareIdentity
name="strongSwan"
- tagId="strongSwan-5-6-3"
- version="5.6.3" versionScheme="alphanumeric"
+ tagId="strongSwan-5-7-0"
+ version="5.7.0" versionScheme="alphanumeric"
xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd">
<Entity
name="strongSwan Project"
diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in
index fc6d2f6fb..2231f93bc 100644
--- a/src/libimcv/plugins/imc_test/Makefile.in
+++ b/src/libimcv/plugins/imc_test/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c
index 047c82502..86d59a76a 100644
--- a/src/libimcv/plugins/imc_test/imc_test_state.c
+++ b/src/libimcv/plugins/imc_test/imc_test_state.c
@@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
private_imc_test_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imc_state_t, set_result, void,
@@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool,
return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
}
+METHOD(imc_state_t, reset, void,
+ private_imc_test_state_t *this)
+{
+ /* nothing to reset */
+}
+
METHOD(imc_state_t, destroy, void,
private_imc_test_state_t *this)
{
@@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id,
.change_state = _change_state,
.set_result = _set_result,
.get_result = _get_result,
+ .reset = _reset,
.destroy = _destroy,
},
.get_command = _get_command,
diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in
index f9eb9d6ed..98930d3f3 100644
--- a/src/libimcv/plugins/imv_attestation/Makefile.in
+++ b/src/libimcv/plugins/imv_attestation/Makefile.in
@@ -322,7 +322,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -348,6 +347,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -368,8 +369,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -424,8 +423,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -454,8 +451,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c
index fb894f393..bc435df7f 100644
--- a/src/libimcv/plugins/imv_attestation/attest_db.c
+++ b/src/libimcv/plugins/imv_attestation/attest_db.c
@@ -187,7 +187,7 @@ char* print_cfn(pts_comp_func_name_t *cfn)
int type, vid, name, qualifier, n;
enum_name_t *names, *types;
- vid = cfn->get_vendor_id(cfn),
+ vid = cfn->get_vendor_id(cfn);
name = cfn->get_name(cfn);
qualifier = cfn->get_qualifier(cfn);
n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier);
diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
index d63940797..3d9e0ab1f 100644
--- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
+++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c
@@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_attestation_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_attestation_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_ATTESTATION_STATE_INIT;
+ this->measurement_error = 0;
+ this->components->destroy_function(this->components, (void *)free_func_comp);
+ this->components = linked_list_create();
+ this->pts->destroy(this->pts);
+ this->pts = pts_create(FALSE);
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_attestation_state_t *this)
{
@@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.get_handshake_state = _get_handshake_state,
diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in
index 99bf6d916..7bf503e0c 100644
--- a/src/libimcv/plugins/imv_hcd/Makefile.in
+++ b/src/libimcv/plugins/imv_hcd/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
index bfe6dd619..e2b6eaed9 100644
--- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
+++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c
@@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_hcd_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_reason_string, bool,
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_hcd_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->handshake_state = IMV_HCD_STATE_INIT;
+ this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE;
+ this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY;
+ this->action_flags = &this->subtype_action_flags[0].action_flags;
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_hcd_state_t *this)
{
@@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in
index d5a6f07f1..4e8f8ea19 100644
--- a/src/libimcv/plugins/imv_os/Makefile.in
+++ b/src/libimcv/plugins/imv_os/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c
index 3fa3d0965..bb1e8a806 100644
--- a/src/libimcv/plugins/imv_os/imv_os_agent.c
+++ b/src/libimcv/plugins/imv_os/imv_os_agent.c
@@ -539,7 +539,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
/* Determine maximum PA-TNC attribute segment size */
max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
+ - PA_TNC_HEADER_SIZE
- PA_TNC_ATTR_HEADER_SIZE
- TCG_SEG_ATTR_SEG_ENV_HEADER;
@@ -614,7 +614,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (result != TNC_RESULT_SUCCESS)
{
return result;
- }
+ }
return this->agent->provide_recommendation(this->agent, state);
}
else
@@ -686,7 +686,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
continue;
}
- eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
switch (workitem->get_type(workitem))
{
@@ -721,7 +720,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
TNC_IMV_EVALUATION_RESULT_COMPLIANT;
snprintf(result_str, BUF_LEN, "unknown sources%s enabled",
fail ? "" : " not");
- break;
+ break;
case IMV_WORKITEM_FORWARDING:
if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED))
{
@@ -749,14 +748,11 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
default:
continue;
}
- if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW)
- {
- session->remove_workitem(session, enumerator);
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- }
+ session->remove_workitem(session, enumerator);
+ rec = workitem->set_result(workitem, result_str, eval);
+ state->update_recommendation(state, rec, eval);
+ imcv_db->finalize_workitem(imcv_db, workitem);
+ workitem->destroy(workitem);
}
enumerator->destroy(enumerator);
@@ -772,7 +768,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
return result;
}
return this->agent->provide_recommendation(this->agent, state);
- }
+ }
}
/* send non-empty PA-TNC message with excl flag not set */
diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c
index af5daf0fc..dd8fcf594 100644
--- a/src/libimcv/plugins/imv_os/imv_os_state.c
+++ b/src/libimcv/plugins/imv_os/imv_os_state.c
@@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void,
this->eval = tncif_policy_update_evaluation(this->eval, eval);
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_os_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_reason_string, bool,
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return TRUE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_os_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_OS_STATE_INIT;
+ this->count = 0;
+ this->count_security = 0;
+ this->count_blacklist = 0;
+ this->count_ok = 0;
+ this->os_settings = 0;
+ this->missing = 0;
+
+ this->update_packages->destroy_function(this->update_packages, free);
+ this->remove_packages->destroy_function(this->remove_packages, free);
+ this->update_packages = linked_list_create();
+ this->remove_packages = linked_list_create();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_os_state_t *this)
{
@@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in
index 2649f499d..7c31a23fa 100644
--- a/src/libimcv/plugins/imv_scanner/Makefile.in
+++ b/src/libimcv/plugins/imv_scanner/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
index 8f9593f17..64ab5c4eb 100644
--- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
+++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c
@@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_scanner_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return TRUE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_scanner_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ DESTROY_IF(this->remediation_string);
+ this->reason_string = NULL;
+ this->remediation_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SCANNER_STATE_INIT;
+
+ DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute);
+ this->port_filter_attr = NULL;
+ this->violating_ports->destroy_function(this->violating_ports, free);
+ this->violating_ports = linked_list_create();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_scanner_state_t *this)
{
@@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
@@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id)
return &this->public.interface;
}
-
-
diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am
deleted file mode 100644
index e573ea0d8..000000000
--- a/src/libimcv/plugins/imv_swid/Makefile.am
+++ /dev/null
@@ -1,21 +0,0 @@
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libtpmtss \
- -I$(top_srcdir)/src/libimcv
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS) $(json_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(json_LIBS)
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c
deleted file mode 100644
index 2884a169c..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c
+++ /dev/null
@@ -1,727 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-
-#include "imv_swid_agent.h"
-#include "imv_swid_state.h"
-
-#include <imcv.h>
-#include <imv/imv_agent.h>
-#include <imv/imv_msg.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-#include "rest/rest.h"
-#include "tcg/seg/tcg_seg_attr_max_size.h"
-#include "tcg/seg/tcg_seg_attr_seg_env.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "swid/swid_error.h"
-#include "swid/swid_inventory.h"
-
-#include <tncif_names.h>
-#include <tncif_pa_subtypes.h>
-
-#include <pen/pen.h>
-#include <utils/debug.h>
-#include <bio/bio_reader.h>
-
-typedef struct private_imv_swid_agent_t private_imv_swid_agent_t;
-
-/* Subscribed PA-TNC message subtypes */
-static pen_type_t msg_types[] = {
- { PEN_TCG, PA_SUBTYPE_TCG_SWID }
-};
-
-/**
- * Flag set when corresponding attribute has been received
- */
-enum imv_swid_attr_t {
- IMV_SWID_ATTR_TAG_INV = (1<<0),
- IMV_SWID_ATTR_TAG_ID_INV = (1<<1)
-};
-
-/**
- * Private data of an imv_swid_agent_t object.
- */
-struct private_imv_swid_agent_t {
-
- /**
- * Public members of imv_swid_agent_t
- */
- imv_agent_if_t public;
-
- /**
- * IMV agent responsible for generic functions
- */
- imv_agent_t *agent;
-
- /**
- * REST API to strongTNC manager
- */
- rest_t *rest_api;
-
-};
-
-METHOD(imv_agent_if_t, bind_functions, TNC_Result,
- private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function)
-{
- return this->agent->bind_functions(this->agent, bind_function);
-}
-
-METHOD(imv_agent_if_t, notify_connection_change, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_ConnectionState new_state)
-{
- imv_state_t *state;
-
- switch (new_state)
- {
- case TNC_CONNECTION_STATE_CREATE:
- state = imv_swid_state_create(id);
- return this->agent->create_state(this->agent, state);
- case TNC_CONNECTION_STATE_DELETE:
- return this->agent->delete_state(this->agent, id);
- default:
- return this->agent->change_state(this->agent, id, new_state, NULL);
- }
-}
-
-/**
- * Process a received message
- */
-static TNC_Result receive_msg(private_imv_swid_agent_t *this,
- imv_state_t *state, imv_msg_t *in_msg)
-{
- imv_swid_state_t *swid_state;
- imv_msg_t *out_msg;
- enumerator_t *enumerator;
- pa_tnc_attr_t *attr;
- TNC_Result result;
- bool fatal_error = FALSE;
-
- /* generate an outgoing PA-TNC message - we might need it */
- out_msg = imv_msg_create_as_reply(in_msg);
-
- /* parse received PA-TNC message and handle local and remote errors */
- result = in_msg->receive(in_msg, out_msg, &fatal_error);
- if (result != TNC_RESULT_SUCCESS)
- {
- out_msg->destroy(out_msg);
- return result;
- }
-
- swid_state = (imv_swid_state_t*)state;
-
- /* analyze PA-TNC attributes */
- enumerator = in_msg->create_attribute_enumerator(in_msg);
- while (enumerator->enumerate(enumerator, &attr))
- {
- uint32_t request_id = 0, last_eid, eid_epoch;
- swid_inventory_t *inventory;
- pen_type_t type;
-
- type = attr->get_type(attr);
-
- if (type.vendor_id == PEN_IETF && type.type == IETF_ATTR_PA_TNC_ERROR)
- {
- ietf_attr_pa_tnc_error_t *error_attr;
- pen_type_t error_code;
- chunk_t msg_info, description;
- bio_reader_t *reader;
- uint32_t max_attr_size;
- bool success;
-
- error_attr = (ietf_attr_pa_tnc_error_t*)attr;
- error_code = error_attr->get_error_code(error_attr);
-
- if (error_code.vendor_id == PEN_TCG)
- {
- fatal_error = TRUE;
- msg_info = error_attr->get_msg_info(error_attr);
- reader = bio_reader_create(msg_info);
- success = reader->read_uint32(reader, &request_id);
-
- DBG1(DBG_IMV, "received TCG error '%N' for request %d",
- swid_error_code_names, error_code.type, request_id);
- if (!success)
- {
- reader->destroy(reader);
- continue;
- }
- if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- if (!reader->read_uint32(reader, &max_attr_size))
- {
- reader->destroy(reader);
- continue;
- }
- DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes",
- max_attr_size);
- }
- description = reader->peek(reader);
- if (description.len)
- {
- DBG1(DBG_IMV, " description: %.*s", description.len,
- description.ptr);
- }
- reader->destroy(reader);
- }
- }
- else if (type.vendor_id != PEN_TCG)
- {
- continue;
- }
-
- switch (type.type)
- {
- case TCG_SWID_TAG_ID_INVENTORY:
- {
- tcg_swid_attr_tag_id_inv_t *attr_cast;
- uint32_t missing;
- int tag_id_count;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV);
-
- attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_id_count = inventory->get_count(inventory);
- missing = attr_cast->get_tag_id_count(attr_cast);
- swid_state->set_missing(swid_state, missing);
-
- DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s "
- "for request %d at eid %d of epoch 0x%08x, %d item%s to "
- "follow", tag_id_count, (tag_id_count == 1) ? "" : "s",
- request_id, last_eid, eid_epoch, missing,
- (missing == 1) ? "" : "s");
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_swid_inventory(swid_state, inventory);
- swid_state->set_count(swid_state, tag_id_count, 0,
- in_msg->get_src_id(in_msg));
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory "
- "with request ID %d", request_id);
- }
- attr_cast->clear_inventory(attr_cast);
- break;
- }
- case TCG_SWID_TAG_INVENTORY:
- {
- tcg_swid_attr_tag_inv_t *attr_cast;
- swid_tag_t *tag;
- chunk_t tag_encoding;
- json_object *jobj, *jarray, *jstring;
- char *tag_str;
- uint32_t missing;
- int tag_count;
- enumerator_t *e;
-
- state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV);
-
- attr_cast = (tcg_swid_attr_tag_inv_t*)attr;
- request_id = attr_cast->get_request_id(attr_cast);
- last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch);
- inventory = attr_cast->get_inventory(attr_cast);
- tag_count = inventory->get_count(inventory);
- missing = attr_cast->get_tag_count(attr_cast);
- swid_state->set_missing(swid_state, missing);
-
- DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for "
- "request %d at eid %d of epoch 0x%08x, %d item%s to follow",
- tag_count, (tag_count == 1) ? "" : "s", request_id,
- last_eid, eid_epoch, missing, (missing == 1) ? "" : "s");
-
- if (request_id == swid_state->get_request_id(swid_state))
- {
- swid_state->set_count(swid_state, 0, tag_count,
- in_msg->get_src_id(in_msg));
-
- if (this->rest_api)
- {
- jobj = json_object_new_object();
- jarray = json_object_new_array();
- json_object_object_add(jobj, "data", jarray);
-
- e = inventory->create_enumerator(inventory);
- while (e->enumerate(e, &tag))
- {
- tag_encoding = tag->get_encoding(tag);
- tag_str = strndup(tag_encoding.ptr, tag_encoding.len);
- DBG3(DBG_IMV, "%s", tag_str);
- jstring = json_object_new_string(tag_str);
- json_object_array_add(jarray, jstring);
- free(tag_str);
- }
- e->destroy(e);
-
- if (this->rest_api->post(this->rest_api,
- "swid/add-tags/", jobj, NULL) != SUCCESS)
- {
- DBG1(DBG_IMV, "error in REST API add-tags request");
- }
- json_object_put(jobj);
- }
- }
- else
- {
- DBG1(DBG_IMV, "no workitem found for SWID tag inventory "
- "with request ID %d", request_id);
- }
- attr_cast->clear_inventory(attr_cast);
- break;
- }
- default:
- break;
- }
- }
- enumerator->destroy(enumerator);
-
- if (fatal_error)
- {
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- TNC_IMV_EVALUATION_RESULT_ERROR);
- result = out_msg->send_assessment(out_msg);
- if (result == TNC_RESULT_SUCCESS)
- {
- result = this->agent->provide_recommendation(this->agent, state);
- }
- }
- else
- {
- /* send PA-TNC message with the EXCL flag set */
- result = out_msg->send(out_msg, TRUE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_MessageType msg_type, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, receive_message_long, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id,
- TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id,
- TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg)
-{
- imv_state_t *state;
- imv_msg_t *in_msg;
- TNC_Result result;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- in_msg = imv_msg_create_from_long_data(this->agent, state, id,
- src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg);
- result = receive_msg(this, state, in_msg);
- in_msg->destroy(in_msg);
-
- return result;
-
-}
-
-METHOD(imv_agent_if_t, batch_ending, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_msg_t *out_msg;
- imv_state_t *state;
- imv_session_t *session;
- imv_workitem_t *workitem;
- imv_swid_state_t *swid_state;
- imv_swid_handshake_state_t handshake_state;
- pa_tnc_attr_t *attr;
- TNC_IMVID imv_id;
- TNC_Result result = TNC_RESULT_SUCCESS;
- bool no_workitems = TRUE;
- uint32_t request_id, received;
- uint8_t flags;
- enumerator_t *enumerator;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- swid_state = (imv_swid_state_t*)state;
- handshake_state = swid_state->get_handshake_state(swid_state);
- session = state->get_session(state);
- imv_id = this->agent->get_id(this->agent);
-
- if (handshake_state == IMV_SWID_STATE_END)
- {
- return TNC_RESULT_SUCCESS;
- }
-
- /* Create an empty out message - we might need it */
- out_msg = imv_msg_create(this->agent, state, id, imv_id,
- swid_state->get_imc_id(swid_state),
- msg_types[0]);
-
- if (!imcv_db)
- {
- DBG2(DBG_IMV, "no workitems available - no evaluation possible");
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* Look for SWID tag workitem and create SWID tag request */
- if (handshake_state == IMV_SWID_STATE_INIT &&
- session->get_policy_started(session))
- {
- size_t max_attr_size = SWID_MAX_ATTR_SIZE;
- size_t max_seg_size;
- seg_contract_t *contract;
- seg_contract_manager_t *contracts;
- char buf[BUF_LEN];
-
- enumerator = session->create_workitem_enumerator(session);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY ||
- workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS)
- {
- continue;
- }
-
- flags = TCG_SWID_ATTR_REQ_FLAG_NONE;
- if (strchr(workitem->get_arg_str(workitem), 'R'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_R;
- }
- if (strchr(workitem->get_arg_str(workitem), 'S'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_S;
- }
- if (strchr(workitem->get_arg_str(workitem), 'C'))
- {
- flags |= TCG_SWID_ATTR_REQ_FLAG_C;
- }
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMC */
- contract = seg_contract_create(msg_types[0], max_attr_size,
- max_seg_size, TRUE, imv_id, FALSE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMV, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size,
- max_seg_size, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Issue a SWID request */
- request_id = workitem->get_id(workitem);
- swid_state->set_request_id(swid_state, request_id);
- attr = tcg_swid_attr_req_create(flags, request_id, 0);
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues SWID request %d",
- imv_id, request_id);
- break;
- }
- enumerator->destroy(enumerator);
-
- if (no_workitems)
- {
- DBG2(DBG_IMV, "IMV %d has no workitems - "
- "no evaluation requested", imv_id);
- state->set_recommendation(state,
- TNC_IMV_ACTION_RECOMMENDATION_ALLOW,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- }
- handshake_state = IMV_SWID_STATE_WORKITEMS;
- swid_state->set_handshake_state(swid_state, handshake_state);
- }
- }
-
- received = state->get_action_flags(state);
-
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) &&
- swid_state->get_missing(swid_state) == 0)
- {
- TNC_IMV_Evaluation_Result eval;
- TNC_IMV_Action_Recommendation rec;
- char result_str[BUF_LEN], *error_str = "", *command;
- char *target, *separator;
- int tag_id_count, tag_count, i;
- chunk_t tag_creator, unique_sw_id;
- json_object *jrequest, *jresponse, *jvalue;
- tcg_swid_attr_req_t *cast_attr;
- swid_tag_id_t *tag_id;
- status_t status = SUCCESS;
-
- if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV))
- {
- if (asprintf(&command, "sessions/%d/swid-measurement/",
- session->get_session_id(session, NULL, NULL)) < 0)
- {
- error_str = "allocation of command string failed";
- status = FAILED;
- }
- else
- {
- jrequest = swid_state->get_swid_inventory(swid_state);
- status = this->rest_api->post(this->rest_api, command,
- jrequest, &jresponse);
- if (status == FAILED)
- {
- error_str = "error in REST API swid-measurement request";
- }
- free(command);
- }
- }
-
- switch (status)
- {
- case SUCCESS:
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- swid_state->get_count(swid_state, &tag_id_count,
- &tag_count);
- snprintf(result_str, BUF_LEN, "received inventory of "
- "%d SWID tag ID%s and %d SWID tag%s",
- tag_id_count, (tag_id_count == 1) ? "" : "s",
- tag_count, (tag_count == 1) ? "" : "s");
- session->remove_workitem(session, enumerator);
-
- eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
- rec = workitem->set_result(workitem, result_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- break;
- case NEED_MORE:
- if (received & IMV_SWID_ATTR_TAG_INV)
- {
- error_str = "not all requested SWID tags were received";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- if (json_object_get_type(jresponse) != json_type_array)
- {
- error_str = "response was not a json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
-
- /* Create a TCG SWID Request attribute */
- attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE,
- swid_state->get_request_id(swid_state), 0);
- tag_id_count = json_object_array_length(jresponse);
- DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count,
- (tag_id_count == 1) ? "" : "s");
- swid_state->set_missing(swid_state, tag_id_count);
-
- for (i = 0; i < tag_id_count; i++)
- {
- jvalue = json_object_array_get_idx(jresponse, i);
- if (json_object_get_type(jvalue) != json_type_string)
- {
- error_str = "json_string element expected in json_array";
- status = FAILED;
- json_object_put(jresponse);
- break;
- }
- target = (char*)json_object_get_string(jvalue);
- DBG1(DBG_IMV, " %s", target);
-
- /* Separate target into tag_creator and unique_sw_id */
- separator = strstr(target, "__");
- if (!separator)
- {
- error_str = "separation of regid from "
- "unique software ID failed";
- break;
- }
- tag_creator = chunk_create(target, separator - target);
- separator += 2;
- unique_sw_id = chunk_create(separator, strlen(target) -
- tag_creator.len - 2);
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id,
- chunk_empty);
- cast_attr = (tcg_swid_attr_req_t*)attr;
- cast_attr->add_target(cast_attr, tag_id);
- }
- json_object_put(jresponse);
-
- out_msg->add_attribute(out_msg, attr);
- break;
- case FAILED:
- default:
- break;
- }
-
- if (status == FAILED)
- {
- enumerator = session->create_workitem_enumerator(session);
- while (enumerator->enumerate(enumerator, &workitem))
- {
- if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS)
- {
- session->remove_workitem(session, enumerator);
- eval = TNC_IMV_EVALUATION_RESULT_ERROR;
- rec = workitem->set_result(workitem, error_str, eval);
- state->update_recommendation(state, rec, eval);
- imcv_db->finalize_workitem(imcv_db, workitem);
- workitem->destroy(workitem);
- break;
- }
- }
- enumerator->destroy(enumerator);
- }
- }
-
- /* finalized all workitems ? */
- if (handshake_state == IMV_SWID_STATE_WORKITEMS &&
- session->get_workitem_count(session, imv_id) == 0)
- {
- result = out_msg->send_assessment(out_msg);
- out_msg->destroy(out_msg);
- swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END);
-
- if (result != TNC_RESULT_SUCCESS)
- {
- return result;
- }
- return this->agent->provide_recommendation(this->agent, state);
- }
-
- /* send non-empty PA-TNC message with excl flag not set */
- if (out_msg->get_attribute_count(out_msg))
- {
- result = out_msg->send(out_msg, FALSE);
- }
- out_msg->destroy(out_msg);
-
- return result;
-}
-
-METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result,
- private_imv_swid_agent_t *this, TNC_ConnectionID id)
-{
- imv_state_t *state;
-
- if (!this->agent->get_state(this->agent, id, &state))
- {
- return TNC_RESULT_FATAL;
- }
- return this->agent->provide_recommendation(this->agent, state);
-}
-
-METHOD(imv_agent_if_t, destroy, void,
- private_imv_swid_agent_t *this)
-{
- DESTROY_IF(this->rest_api);
- this->agent->destroy(this->agent);
- free(this);
-}
-
-/**
- * Described in header.
- */
-imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id,
- TNC_Version *actual_version)
-{
- private_imv_swid_agent_t *this;
- imv_agent_t *agent;
- char *rest_api_uri;
- u_int rest_api_timeout;
-
- agent = imv_agent_create(name, msg_types, countof(msg_types), id,
- actual_version);
- if (!agent)
- {
- return NULL;
- }
- agent->add_non_fatal_attr_type(agent,
- pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ));
-
- INIT(this,
- .public = {
- .bind_functions = _bind_functions,
- .notify_connection_change = _notify_connection_change,
- .receive_message = _receive_message,
- .receive_message_long = _receive_message_long,
- .batch_ending = _batch_ending,
- .solicit_recommendation = _solicit_recommendation,
- .destroy = _destroy,
- },
- .agent = agent,
- );
-
- rest_api_uri = lib->settings->get_str(lib->settings,
- "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns);
- rest_api_timeout = lib->settings->get_int(lib->settings,
- "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns);
- if (rest_api_uri)
- {
- this->rest_api = rest_create(rest_api_uri, rest_api_timeout);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h
deleted file mode 100644
index 4218040bc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_agent.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid_agent_t imv_swid_agent
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_AGENT_H_
-#define IMV_SWID_AGENT_H_
-
-#include <imv/imv_agent_if.h>
-
-/**
- * Creates an SWID IMV agent
- *
- * @param name Name of the IMV
- * @param id ID of the IMV
- * @param actual_version TNC IF-IMV version
- */
-imv_agent_if_t* imv_swid_agent_create(const char* name, TNC_IMVID id,
- TNC_Version *actual_version);
-
-#endif /** IMV_SWID_AGENT_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c
deleted file mode 100644
index 50e9f489a..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "imv_swid_state.h"
-
-#include <imv/imv_lang_string.h>
-#include <imv/imv_reason_string.h>
-#include <imv/imv_remediation_string.h>
-#include <swid/swid_tag_id.h>
-
-#include <tncif_policy.h>
-
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-typedef struct private_imv_swid_state_t private_imv_swid_state_t;
-
-/**
- * Private data of an imv_swid_state_t object.
- */
-struct private_imv_swid_state_t {
-
- /**
- * Public members of imv_swid_state_t
- */
- imv_swid_state_t public;
-
- /**
- * TNCCS connection ID
- */
- TNC_ConnectionID connection_id;
-
- /**
- * TNCCS connection state
- */
- TNC_ConnectionState state;
-
- /**
- * Does the TNCCS connection support long message types?
- */
- bool has_long;
-
- /**
- * Does the TNCCS connection support exclusive delivery?
- */
- bool has_excl;
-
- /**
- * Maximum PA-TNC message size for this TNCCS connection
- */
- uint32_t max_msg_len;
-
- /**
- * Flags set for completed actions
- */
- uint32_t action_flags;
-
- /**
- * IMV database session associated with TNCCS connection
- */
- imv_session_t *session;
-
- /**
- * PA-TNC attribute segmentation contracts associated with TNCCS connection
- */
- seg_contract_manager_t *contracts;
-
- /**
- * IMV action recommendation
- */
- TNC_IMV_Action_Recommendation rec;
-
- /**
- * IMV evaluation result
- */
- TNC_IMV_Evaluation_Result eval;
-
- /**
- * IMV Scanner handshake state
- */
- imv_swid_handshake_state_t handshake_state;
-
- /**
- * TNC Reason String
- */
- imv_reason_string_t *reason_string;
-
- /**
- * IETF Remediation Instructions String
- */
- imv_remediation_string_t *remediation_string;
-
- /**
- * SWID Tag Request ID
- */
- uint32_t request_id;
-
- /**
- * Number of processed SWID Tag IDs
- */
- int tag_id_count;
-
- /**
- * Number of processed SWID Tags
- */
- int tag_count;
-
- /**
- * Number of missing SWID Tags or Tag IDs
- */
- uint32_t missing;
-
- /**
- * SWID IMC ID
- */
- TNC_UInt32 imc_id;
-
- /**
- * Top level JSON object
- */
- json_object *jobj;
-
- /**
- * JSON array containing an inventory of SWID Tag IDs
- */
- json_object *jarray;
-
-};
-
-METHOD(imv_state_t, get_connection_id, TNC_ConnectionID,
- private_imv_swid_state_t *this)
-{
- return this->connection_id;
-}
-
-METHOD(imv_state_t, has_long, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_long;
-}
-
-METHOD(imv_state_t, has_excl, bool,
- private_imv_swid_state_t *this)
-{
- return this->has_excl;
-}
-
-METHOD(imv_state_t, set_flags, void,
- private_imv_swid_state_t *this, bool has_long, bool has_excl)
-{
- this->has_long = has_long;
- this->has_excl = has_excl;
-}
-
-METHOD(imv_state_t, set_max_msg_len, void,
- private_imv_swid_state_t *this, uint32_t max_msg_len)
-{
- this->max_msg_len = max_msg_len;
-}
-
-METHOD(imv_state_t, get_max_msg_len, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->max_msg_len;
-}
-
-METHOD(imv_state_t, set_action_flags, void,
- private_imv_swid_state_t *this, uint32_t flags)
-{
- this->action_flags |= flags;
-}
-
-METHOD(imv_state_t, get_action_flags, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->action_flags;
-}
-
-METHOD(imv_state_t, set_session, void,
- private_imv_swid_state_t *this, imv_session_t *session)
-{
- this->session = session;
-}
-
-METHOD(imv_state_t, get_session, imv_session_t*,
- private_imv_swid_state_t *this)
-{
- return this->session;
-}
-
-METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
- private_imv_swid_state_t *this)
-{
- return this->contracts;
-}
-
-METHOD(imv_state_t, change_state, void,
- private_imv_swid_state_t *this, TNC_ConnectionState new_state)
-{
- this->state = new_state;
-}
-
-METHOD(imv_state_t, get_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec,
- TNC_IMV_Evaluation_Result *eval)
-{
- *rec = this->rec;
- *eval = this->eval;
-}
-
-METHOD(imv_state_t, set_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = rec;
- this->eval = eval;
-}
-
-METHOD(imv_state_t, update_recommendation, void,
- private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec,
- TNC_IMV_Evaluation_Result eval)
-{
- this->rec = tncif_policy_update_recommendation(this->rec, rec);
- this->eval = tncif_policy_update_evaluation(this->eval, eval);
-}
-
-METHOD(imv_state_t, get_reason_string, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *reason_string, char **reason_language)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, get_remediation_instructions, bool,
- private_imv_swid_state_t *this, enumerator_t *language_enumerator,
- chunk_t *string, char **lang_code, char **uri)
-{
- return FALSE;
-}
-
-METHOD(imv_state_t, destroy, void,
- private_imv_swid_state_t *this)
-{
- json_object_put(this->jobj);
- DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
- this->contracts->destroy(this->contracts);
- free(this);
-}
-
-METHOD(imv_swid_state_t, set_handshake_state, void,
- private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state)
-{
- this->handshake_state = new_state;
-}
-
-METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t,
- private_imv_swid_state_t *this)
-{
- return this->handshake_state;
-}
-
-METHOD(imv_swid_state_t, set_request_id, void,
- private_imv_swid_state_t *this, uint32_t request_id)
-{
- this->request_id = request_id;
-}
-
-METHOD(imv_swid_state_t, get_request_id, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->request_id;
-}
-
-METHOD(imv_swid_state_t, set_swid_inventory, void,
- private_imv_swid_state_t *this, swid_inventory_t *inventory)
-{
- chunk_t tag_creator, sw_id;
- char software_id[BUF_LEN];
- json_object *jstring;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- enumerator = inventory->create_enumerator(inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s__%.*s",
- (int)tag_creator.len, tag_creator.ptr,
- (int)sw_id.len, sw_id.ptr);
- DBG3(DBG_IMV, " %s", software_id);
-
- /* Add software ID to JSON array */
- jstring = json_object_new_string(software_id);
- json_object_array_add(this->jarray, jstring);
- }
- enumerator->destroy(enumerator);
-}
-
-METHOD(imv_swid_state_t, get_swid_inventory, json_object*,
- private_imv_swid_state_t *this)
-{
- return this->jobj;
-}
-
-METHOD(imv_swid_state_t, set_missing, void,
- private_imv_swid_state_t *this, uint32_t count)
-{
- this->missing = count;
-}
-
-METHOD(imv_swid_state_t, get_missing, uint32_t,
- private_imv_swid_state_t *this)
-{
- return this->missing;
-}
-
-METHOD(imv_swid_state_t, set_count, void,
- private_imv_swid_state_t *this, int tag_id_count, int tag_count,
- TNC_UInt32 imc_id)
-{
- this->tag_id_count += tag_id_count;
- this->tag_count += tag_count;
- this->imc_id = imc_id;
-}
-
-METHOD(imv_swid_state_t, get_count, void,
- private_imv_swid_state_t *this, int *tag_id_count, int *tag_count)
-{
- if (tag_id_count)
- {
- *tag_id_count = this->tag_id_count;
- }
- if (tag_count)
- {
- *tag_count = this->tag_count;
- }
-}
-
-METHOD(imv_swid_state_t, get_imc_id, TNC_UInt32,
- private_imv_swid_state_t *this)
-{
- return this->imc_id;
-}
-
-/**
- * Described in header.
- */
-imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id)
-{
- private_imv_swid_state_t *this;
-
- INIT(this,
- .public = {
- .interface = {
- .get_connection_id = _get_connection_id,
- .has_long = _has_long,
- .has_excl = _has_excl,
- .set_flags = _set_flags,
- .set_max_msg_len = _set_max_msg_len,
- .get_max_msg_len = _get_max_msg_len,
- .set_action_flags = _set_action_flags,
- .get_action_flags = _get_action_flags,
- .set_session = _set_session,
- .get_session= _get_session,
- .get_contracts = _get_contracts,
- .change_state = _change_state,
- .get_recommendation = _get_recommendation,
- .set_recommendation = _set_recommendation,
- .update_recommendation = _update_recommendation,
- .get_reason_string = _get_reason_string,
- .get_remediation_instructions = _get_remediation_instructions,
- .destroy = _destroy,
- },
- .set_handshake_state = _set_handshake_state,
- .get_handshake_state = _get_handshake_state,
- .set_request_id = _set_request_id,
- .get_request_id = _get_request_id,
- .set_swid_inventory = _set_swid_inventory,
- .get_swid_inventory = _get_swid_inventory,
- .set_missing = _set_missing,
- .get_missing = _get_missing,
- .set_count = _set_count,
- .get_count = _get_count,
- .get_imc_id = _get_imc_id,
- },
- .state = TNC_CONNECTION_STATE_CREATE,
- .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
- .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW,
- .connection_id = connection_id,
- .contracts = seg_contract_manager_create(),
- .imc_id = TNC_IMCID_ANY,
- .jobj = json_object_new_object(),
- .jarray = json_object_new_array(),
- );
-
- json_object_object_add(this->jobj, "data", this->jarray);
-
- return &this->public.interface;
-}
-
-
diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h
deleted file mode 100644
index 5fe99ecdc..000000000
--- a/src/libimcv/plugins/imv_swid/imv_swid_state.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (C) 2013-2016 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup imv_swid imv_swid
- * @ingroup libimcv_plugins
- *
- * @defgroup imv_swid_state_t imv_swid_state
- * @{ @ingroup imv_swid
- */
-
-#ifndef IMV_SWID_STATE_H_
-#define IMV_SWID_STATE_H_
-
-#include <imv/imv_state.h>
-#include <swid/swid_inventory.h>
-#include <library.h>
-
-#include <json.h>
-
-typedef struct imv_swid_state_t imv_swid_state_t;
-typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t;
-
-/**
- * IMV OS Handshake States (state machine)
- */
-enum imv_swid_handshake_state_t {
- IMV_SWID_STATE_INIT,
- IMV_SWID_STATE_WORKITEMS,
- IMV_SWID_STATE_END
-};
-
-/**
- * Internal state of an imv_swid_t connection instance
- */
-struct imv_swid_state_t {
-
- /**
- * imv_state_t interface
- */
- imv_state_t interface;
-
- /**
- * Set state of the handshake
- *
- * @param new_state the handshake state of IMV
- */
- void (*set_handshake_state)(imv_swid_state_t *this,
- imv_swid_handshake_state_t new_state);
-
- /**
- * Get state of the handshake
- *
- * @return the handshake state of IMV
- */
- imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this);
-
- /**
- * Set the SWID request ID
- *
- * @param request_id SWID request ID to be set
- */
- void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id);
-
- /**
- * Get the SWID request ID
- *
- * @return SWID request ID
- */
- uint32_t (*get_request_id)(imv_swid_state_t *this);
-
- /**
- * Set or extend the SWID Tag ID inventory in the state
- *
- * @param inventory SWID Tags ID inventory to be added
- */
- void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory);
-
- /**
- * Get the encoding of the complete SWID Tag ID inventory
- *
- * @return SWID Tags ID inventory as a JSON array
- */
- json_object* (*get_swid_inventory)(imv_swid_state_t *this);
-
- /**
- * Set the number of still missing SWID Tags or Tag IDs
- *
- * @param count Number of missing SWID Tags or Tag IDs
- */
- void (*set_missing)(imv_swid_state_t *this, uint32_t count);
-
- /**
- * Get the number of still missing SWID Tags or Tag IDs
- *
- * @result Number of missing SWID Tags or Tag IDs
- */
- uint32_t (*get_missing)(imv_swid_state_t *this);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- * @param imc_id SWID IMC ID
- */
- void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count,
- TNC_UInt32 imc_id);
-
- /**
- * Set [or with multiple attributes increment] SWID Tag [ID] counters
- *
- * @param tag_id_count Number of received SWID Tag IDs
- * @param tag_count Number of received SWID Tags
- */
- void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count);
-
- /**
- * Get SWID IMC ID
- *
- * @return SWID IMC ID
- */
- TNC_UInt32 (*get_imc_id)(imv_swid_state_t *this);
-};
-
-/**
- * Create an imv_swid_state_t instance
- *
- * @param id connection ID
- */
-imv_state_t* imv_swid_state_create(TNC_ConnectionID id);
-
-#endif /** IMV_SWID_STATE_H_ @}*/
diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in
index e2132b576..a9c7715ec 100644
--- a/src/libimcv/plugins/imv_swima/Makefile.in
+++ b/src/libimcv/plugins/imv_swima/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
index 1d9944200..52f1baf03 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c
@@ -187,11 +187,17 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this,
}
description = reader->peek(reader);
if (description.len)
- {
+ {
DBG1(DBG_IMV, " description: %.*s", description.len,
description.ptr);
}
reader->destroy(reader);
+ if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)
+ {
+ swima_state->set_subscription(swima_state, FALSE);
+ DBG1(DBG_IMV, "SWIMA subscription %u cleared",
+ swima_state->get_request_id(swima_state));
+ }
break;
}
case IETF_ATTR_SW_ID_INVENTORY:
@@ -474,7 +480,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
seg_contract_t *contract;
seg_contract_manager_t *contracts;
swima_inventory_t *targets;
- uint32_t earliest_eid = 0;
+ uint32_t old_request_id = 0, earliest_eid = 0;
char buf[BUF_LEN];
enumerator = session->create_workitem_enumerator(session);
@@ -487,7 +493,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
{
continue;
}
-
+
+ earliest_eid = workitem->get_arg_int(workitem);
+ request_id = workitem->get_id(workitem);
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ old_request_id = swima_state->get_request_id(swima_state);
+
flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE;
if (strchr(workitem->get_arg_str(workitem), 'R'))
{
@@ -496,47 +508,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
if (strchr(workitem->get_arg_str(workitem), 'S'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_S;
+ swima_state->set_subscription(swima_state, TRUE);
+ if (!old_request_id)
+ {
+ DBG1(DBG_IMV, "SWIMA subscription %u requested",
+ request_id);
+ }
}
if (strchr(workitem->get_arg_str(workitem), 'C'))
{
flags |= IETF_SWIMA_ATTR_REQ_FLAG_C;
+ swima_state->set_subscription(swima_state, FALSE);
}
- earliest_eid = workitem->get_arg_int(workitem);
-
- /* Determine maximum PA-TNC attribute segment size */
- max_seg_size = state->get_max_msg_len(state)
- - PA_TNC_HEADER_SIZE
- - PA_TNC_ATTR_HEADER_SIZE
- - TCG_SEG_ATTR_SEG_ENV_HEADER;
-
- /* Announce support of PA-TNC segmentation to IMC */
- contract = seg_contract_create(msg_types[0], max_attr_size,
- max_seg_size, TRUE, imv_id, FALSE);
- contract->get_info_string(contract, buf, BUF_LEN, TRUE);
- DBG2(DBG_IMV, "%s", buf);
- contracts = state->get_contracts(state);
- contracts->add_contract(contracts, contract);
- attr = tcg_seg_attr_max_size_create(max_attr_size,
- max_seg_size, TRUE);
- out_msg->add_attribute(out_msg, attr);
-
- /* Issue a SWID request */
- request_id = workitem->get_id(workitem);
- swima_state->set_request_id(swima_state, request_id);
- attr = ietf_swima_attr_req_create(flags, request_id);
- /* Request software identifier events */
- targets = swima_inventory_create();
- targets->set_eid(targets, earliest_eid, 0);
- cast_attr = (ietf_swima_attr_req_t*)attr;
- cast_attr->set_targets(cast_attr, targets);
- targets->destroy(targets);
+ if (!old_request_id)
+ {
+ /* Determine maximum PA-TNC attribute segment size */
+ max_seg_size = state->get_max_msg_len(state)
+ - PA_TNC_HEADER_SIZE
+ - PA_TNC_ATTR_HEADER_SIZE
+ - TCG_SEG_ATTR_SEG_ENV_HEADER;
+
+ /* Announce support of PA-TNC segmentation to IMC */
+ contract = seg_contract_create(msg_types[0], max_attr_size,
+ max_seg_size, TRUE, imv_id, FALSE);
+ contract->get_info_string(contract, buf, BUF_LEN, TRUE);
+ DBG2(DBG_IMV, "%s", buf);
+ contracts = state->get_contracts(state);
+ contracts->add_contract(contracts, contract);
+ attr = tcg_seg_attr_max_size_create(max_attr_size,
+ max_seg_size, TRUE);
+ out_msg->add_attribute(out_msg, attr);
+ }
- out_msg->add_attribute(out_msg, attr);
- workitem->set_imv_id(workitem, imv_id);
- no_workitems = FALSE;
- DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d",
- imv_id, request_id, earliest_eid);
+ if (!old_request_id ||
+ !swima_state->get_subscription(swima_state))
+ {
+ /* Issue a SWID request */
+ swima_state->set_request_id(swima_state, request_id);
+ attr = ietf_swima_attr_req_create(flags, request_id);
+
+ /* Request software identifier events */
+ targets = swima_inventory_create();
+ targets->set_eid(targets, earliest_eid, 0);
+ cast_attr = (ietf_swima_attr_req_t*)attr;
+ cast_attr->set_targets(cast_attr, targets);
+ targets->destroy(targets);
+
+ out_msg->add_attribute(out_msg, attr);
+ DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest "
+ "eid %d", imv_id, request_id, earliest_eid);
+ }
break;
}
enumerator->destroy(enumerator);
@@ -565,7 +587,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
TNC_IMV_Action_Recommendation rec;
char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command;
char *target_str, *error_str = "";
- int sw_id_count, tag_count, i, res;
+ int sw_id_count, tag_count, i, res, written;
json_object *jrequest, *jresponse, *jvalue;
ietf_swima_attr_req_t *cast_attr;
swima_inventory_t *targets;
@@ -617,16 +639,24 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
&tag_count);
if (format)
{
- snprintf(result_str, BUF_LEN, format,
+ written = snprintf(result_str, BUF_LEN, format,
sw_id_count, (sw_id_count == 1) ? "" : "s",
tag_count, (tag_count == 1) ? "" : "s");
}
else
{
- snprintf(result_str, BUF_LEN, "received %d SWID tag"
- "%s", tag_count, (tag_count == 1) ? "" : "s");
+ written = snprintf(result_str, BUF_LEN,
+ "received %d SWID tag%s",
+ tag_count, (tag_count == 1) ? "" : "s");
}
+ if (swima_state->get_subscription(swima_state) &&
+ written > 0 && written < BUF_LEN)
+ {
+ snprintf(result_str + written, BUF_LEN - written,
+ " from subscription %u",
+ swima_state->get_request_id(swima_state));
+ }
session->remove_workitem(session, enumerator);
eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT;
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c
index 03500bc2d..7d9631d3f 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.c
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c
@@ -101,6 +101,11 @@ struct private_imv_swima_state_t {
imv_remediation_string_t *remediation_string;
/**
+ * Has a subscription been established?
+ */
+ bool has_subscription;
+
+ /**
* SWID Tag Request ID
*/
uint32_t request_id;
@@ -204,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_swima_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -248,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_swima_state_t *this)
+{
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SWIMA_STATE_INIT;
+ this->sw_id_count = 0;
+ this->tag_count = 0;
+ this->missing = 0;
+
+ json_object_put(this->jobj);
+ this->jobj = json_object_new_object();
+}
+
METHOD(imv_state_t, destroy, void,
private_imv_swima_state_t *this)
{
json_object_put(this->jobj);
DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
this->contracts->destroy(this->contracts);
free(this);
}
@@ -426,6 +450,18 @@ METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32,
return this->imc_id;
}
+METHOD(imv_swima_state_t, set_subscription, void,
+ private_imv_swima_state_t *this, bool set)
+{
+ this->has_subscription = set;
+}
+
+METHOD(imv_swima_state_t, get_subscription, bool,
+ private_imv_swima_state_t *this)
+{
+ return this->has_subscription;
+}
+
/**
* Described in header.
*/
@@ -453,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.set_handshake_state = _set_handshake_state,
@@ -467,6 +504,8 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
.set_count = _set_count,
.get_count = _get_count,
.get_imc_id = _get_imc_id,
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
},
.state = TNC_CONNECTION_STATE_CREATE,
.rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h
index 4fa32daf4..e2f805189 100644
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.h
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h
@@ -141,6 +141,20 @@ struct imv_swima_state_t {
* @return SWID IMC ID
*/
TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this);
+
+ /**
+ * Set or clear a subscription
+ *
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imv_swima_state_t *this, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imv_swima_state_t *this);
};
/**
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index b583a32c2..d9b1725d2 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index c20d00bd1..fe6bf18b2 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
return this->contracts;
}
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
private_imv_test_state_t *this, TNC_ConnectionState new_state)
{
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
this->state = new_state;
+ return old_state;
}
METHOD(imv_state_t, get_recommendation, void,
@@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
return FALSE;
}
+METHOD(imv_state_t, reset, void,
+ private_imv_test_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->imcs->destroy_function(this->imcs, free);
+ this->imcs = linked_list_create();
+
+}
+
+
METHOD(imv_state_t, destroy, void,
private_imv_test_state_t *this)
{
@@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
.update_recommendation = _update_recommendation,
.get_reason_string = _get_reason_string,
.get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
.destroy = _destroy,
},
.add_imc = _add_imc,
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 3cf439f35..56bb821cd 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -323,7 +323,6 @@ METHOD(pts_t, set_tpm_version_info, void,
private_pts_t *this, chunk_t info)
{
this->tpm_version_info = chunk_clone(info);
- /* print_tpm_version_info(this); */
}
/**
diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c
index a579f7378..b3207fb93 100644
--- a/src/libimcv/suites/test_imcv_swima.c
+++ b/src/libimcv/suites/test_imcv_swima.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Andreas Steffen
+ * Copyright (C) 2017-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -182,7 +182,7 @@ START_TEST(test_imcv_swima_sw_req)
targets = c_attr->get_targets(c_attr);
ck_assert(targets->get_eid(targets, NULL) == req_data[_i].earliest_eid);
-
+
enumerator = targets->create_enumerator(targets);
ck_assert(enumerator);
n = 0;
@@ -268,67 +268,69 @@ static sw_inv_data_t sw_inv_data[] = {
chunk_from_chars(
0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77,
- 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
- 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61,
- 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74,
0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69,
- 0x74, 0x79, 0x3E)
+ 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22,
+ 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66,
+ 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74,
+ 0x69, 0x74, 0x79, 0x3E)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030,
chunk_from_chars(
0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00)
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034,
chunk_from_chars(
0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77,
- 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
- 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61,
- 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74,
0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69,
- 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A,
- 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67,
- 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36,
- 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61,
- 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65,
- 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61,
- 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65,
- 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74,
- 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22,
- 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72,
- 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E)
+ 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22,
+ 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66,
+ 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74,
+ 0x69, 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90,
+ 0x2A, 0x19, 0x11, 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F,
+ 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
+ 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D,
+ 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D,
+ 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66,
+ 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61,
+ 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79,
+ 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65,
+ 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77,
+ 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74,
+ 0x79, 0x3E)
},
{ IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034,
chunk_from_chars(
0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34,
0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72,
- 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72,
- 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77,
- 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00,
- 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61,
- 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35,
- 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D,
- 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D,
- 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66,
- 0x31, 0x61, 0x00, 0x00)
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74,
+ 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F,
+ 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53,
+ 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11,
+ 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73,
+ 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32,
+ 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30,
+ 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61,
+ 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62,
+ 0x31, 0x66, 0x31, 0x61, 0x00, 0x00)
}
};
@@ -351,7 +353,7 @@ START_TEST(test_imcv_swima_inv)
sw_id_only);
sw_inv = swima_inventory_create();
- sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch);
+ sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch);
for (n = 0; n < _i/2; n++)
{
sw_id = chunk_from_str(sw_id_str[n]);
@@ -445,15 +447,17 @@ END_TEST
* 23 data_model_type
* 24 segment 5 - 1 octet
* 24 source_id
- * 25 sw_id
- * 26 segment 6 - 2 octets
- * 58 sw_locator
- * 59 segment 7 - 33 octets
- * 60 record
- * 62 segment 8 - 3 octets
- * 113 sw record 2
- * 114 segment 9 - 52 octets
- * 230 segment 10 - 116 octets
+ * 25 segment 6 - 1 octet
+ * 25 reserved
+ * 26 sw_id
+ * 27 segment 7 - 2 octets
+ * 59 sw_locator
+ * 60 segment 8 - 33 octets
+ * 61 record
+ * 63 segment 9 - 3 octets
+ * 114 sw record 2
+ * 115 segment 10 - 52 octets
+ * 231 segment 11 - 117 octets
*/
START_TEST(test_imcv_swima_sw_inv_trunc)
@@ -509,26 +513,32 @@ START_TEST(test_imcv_swima_sw_inv_trunc)
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 6 truncates sw_id */
+ /* Segment 6 truncates reserved */
data = chunk_skip(sw_inv_data[4].value, 24);
+ data.len = 1;
+ attr->add_segment(attr, data);
+ ck_assert(attr->process(attr, &offset) == NEED_MORE);
+
+ /* Segment 7 truncates sw_id */
+ data = chunk_skip(sw_inv_data[4].value, 25);
data.len = 2;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 7 truncates sw_locator */
- data = chunk_skip(sw_inv_data[4].value, 26);
+ /* Segment 8 truncates sw_locator */
+ data = chunk_skip(sw_inv_data[4].value, 27);
data.len = 33;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 8 truncates record */
- data = chunk_skip(sw_inv_data[4].value, 59);
+ /* Segment 9 truncates record */
+ data = chunk_skip(sw_inv_data[4].value, 60);
data.len = 3;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == NEED_MORE);
- /* Segment 9 truncates second sw_record */
- data = chunk_skip(sw_inv_data[4].value, 62);
+ /* Segment 10 truncates second sw_record */
+ data = chunk_skip(sw_inv_data[4].value, 63);
data.len = 52;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == SUCCESS);
@@ -539,9 +549,9 @@ START_TEST(test_imcv_swima_sw_inv_trunc)
ck_assert(sw_inv->get_count(sw_inv) == 1);
c_attr->clear_inventory(c_attr);
- /* Segment 10 truncates second sw_record */
- data = chunk_skip(sw_inv_data[4].value, 114);
- data.len = 116;
+ /* Segment 11 truncates second sw_record */
+ data = chunk_skip(sw_inv_data[4].value, 115);
+ data.len = 117;
attr->add_segment(attr, data);
ck_assert(attr->process(attr, &offset) == SUCCESS);
@@ -626,7 +636,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -644,7 +654,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00)
@@ -656,7 +666,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -688,7 +698,7 @@ static sw_ev_data_t sw_ev_data[] = {
0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0',
'5', '-', '3', '0', 'T', '1', '8', ':', '0', '9',
':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F,
0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67,
0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61,
0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00,
@@ -827,8 +837,8 @@ END_TEST
*
* 0 constant header
* 16 segment 1 - 16 octets
- * 20 eid
- * 22 segment 2 - 6 octets
+ * 20 eid
+ * 22 segment 2 - 6 octets
* 24 timestamp
* 26 segment 3 - 4 octets
* 44 record_id
diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c
deleted file mode 100644
index 7c7427fb1..000000000
--- a/src/libimcv/swid/swid_error.c
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright (C) 2011 Sansar Choinyambuu
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_error.h"
-
-#include <bio/bio_writer.h>
-#include <ietf/ietf_attr_pa_tnc_error.h>
-
-ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE,
- "SWID Error",
- "SWID Subscription Denied",
- "SWID Response Too Large"
-);
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id,
- uint32_t max_attr_size, char *description)
-{
- bio_writer_t *writer;
- chunk_t msg_info;
- pa_tnc_attr_t *attr;
- pen_type_t error_code;
-
- error_code = pen_type_create( PEN_TCG, code);
- writer = bio_writer_create(4);
- writer->write_uint32(writer, request_id);
- if (code == TCG_SWID_RESPONSE_TOO_LARGE)
- {
- writer->write_uint32(writer, max_attr_size);
- }
- if (description)
- {
- writer->write_data(writer, chunk_from_str(description));
- }
- msg_info = writer->get_buf(writer);
- attr = ietf_attr_pa_tnc_error_create(error_code, msg_info);
- writer->destroy(writer);
-
- return attr;
-}
-
diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h
deleted file mode 100644
index 2ed099186..000000000
--- a/src/libimcv/swid/swid_error.h
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (C) 2013 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_error swid_error
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_ERROR_H_
-#define SWID_ERROR_H_
-
-typedef enum swid_error_code_t swid_error_code_t;
-
-#include "pa_tnc/pa_tnc_attr.h"
-
-#include <library.h>
-
-
-/**
- * SWID Error Codes
- * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification
- */
-enum swid_error_code_t {
- TCG_SWID_ERROR = 0x20,
- TCG_SWID_SUBSCRIPTION_DENIED = 0x21,
- TCG_SWID_RESPONSE_TOO_LARGE = 0x22
-};
-
-/**
- * enum name for swid_error_code_t.
- */
-extern enum_name_t *swid_error_code_names;
-
-/**
- * Creates a SWID Error Attribute
- * see section 4.12 of TNC SWID Message and Attributes for IF-M
- *
- * @param code SWID error code
- * @param request SWID request ID
- * @param max_attr_size Maximum IF-M attribute size (if applicable)
- * @param description Optional description string or NULL
- */
-pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request,
- uint32_t max_attr_size, char *description);
-
-#endif /** SWID_ERROR_H_ @}*/
diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c
deleted file mode 100644
index 5f6e50cb7..000000000
--- a/src/libimcv/swid/swid_inventory.c
+++ /dev/null
@@ -1,342 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_inventory.h"
-#include "swid_tag.h"
-#include "swid_tag_id.h"
-#include "swid_gen/swid_gen.h"
-
-#include <collections/linked_list.h>
-#include <utils/lexparser.h>
-#include <utils/debug.h>
-
-#include <stdio.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <libgen.h>
-#include <errno.h>
-
-typedef struct private_swid_inventory_t private_swid_inventory_t;
-
-/**
- * Private data of a swid_inventory_t object.
- *
- */
-struct private_swid_inventory_t {
-
- /**
- * Public swid_inventory_t interface.
- */
- swid_inventory_t public;
-
- /**
- * Full SWID tags or just SWID tag IDs
- */
- bool full_tags;
-
- /**
- * List of SWID tags or tag IDs
- */
- linked_list_t *list;
-};
-
-static status_t generate_tags(private_swid_inventory_t *this,
- swid_inventory_t *targets, bool pretty, bool full)
-{
- swid_gen_t *swid_gen;
- swid_tag_t *tag;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
- status_t status = SUCCESS;
- chunk_t out;
-
- swid_gen = swid_gen_create();
-
- if (targets->get_count(targets) == 0)
- {
- DBG2(DBG_IMC, "SWID tag%s generation by package manager",
- this->full_tags ? "" : " ID");
-
- enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags,
- full, pretty);
- if (enumerator)
- {
- while (enumerator->enumerate(enumerator, &out))
- {
- if (this->full_tags)
- {
- chunk_t swid_tag = out;
-
- tag = swid_tag_create(swid_tag, chunk_empty);
- this->list->insert_last(this->list, tag);
- }
- else
- {
- chunk_t tag_creator, sw_id = out;
-
- if (extract_token_str(&tag_creator, "__", &sw_id))
- {
- tag_id = swid_tag_id_create(tag_creator, sw_id,
- chunk_empty);
- this->list->insert_last(this->list, tag_id);
- }
- else
- {
- DBG1(DBG_IMC, "separation of regid from unique "
- "software ID failed");
- status = FAILED;
- chunk_free(&out);
- break;
- }
- }
- chunk_free(&out);
- }
- enumerator->destroy(enumerator);
- }
- else
- {
- status = NOT_SUPPORTED;
- }
- }
- else if (this->full_tags)
- {
- DBG2(DBG_IMC, "targeted SWID tag generation");
-
- enumerator = targets->create_enumerator(targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- char software_id[BUF_LEN], *swid_tag;
- chunk_t tag_creator, sw_id;
-
- /* Construct software ID from tag creator and unique software ID */
- tag_creator = tag_id->get_tag_creator(tag_id);
- sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- snprintf(software_id, BUF_LEN, "%.*s__%.*s",
- (int)tag_creator.len, tag_creator.ptr,
- (int)sw_id.len, sw_id.ptr);
-
- swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL,
- full, pretty);
- if (swid_tag)
- {
- tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty);
- this->list->insert_last(this->list, tag);
- free(swid_tag);
- }
- }
- enumerator->destroy(enumerator);
- }
- swid_gen->destroy(swid_gen);
-
- return status;
-}
-
-static bool collect_tags(private_swid_inventory_t *this, char *pathname,
- swid_inventory_t *targets, bool is_swidtag_dir)
-{
- char *rel_name, *abs_name;
- struct stat st;
- bool success = FALSE;
- enumerator_t *enumerator;
-
- enumerator = enumerator_create_directory(pathname);
- if (!enumerator)
- {
- DBG1(DBG_IMC, "directory '%s' can not be opened, %s",
- pathname, strerror(errno));
- return FALSE;
- }
- if (is_swidtag_dir)
- {
- DBG2(DBG_IMC, "entering %s", pathname);
- }
-
- while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st))
- {
- char *separator, *suffix;
- chunk_t tag_creator;
- chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty;
-
- if (S_ISDIR(st.st_mode))
- {
- if (!collect_tags(this, abs_name, targets, is_swidtag_dir ||
- streq(rel_name, "swidtag")))
- {
- goto end;
- }
- continue;
- }
- if (!is_swidtag_dir)
- {
- continue;
- }
-
- /* found a swidtag file? */
- suffix = strstr(rel_name, ".swidtag");
- if (!suffix)
- {
- continue;
- }
-
- /* parse the swidtag filename into its components */
- separator = strstr(rel_name, "__");
- if (!separator)
- {
- DBG1(DBG_IMC, " %s", rel_name);
- DBG1(DBG_IMC, " '__' separator not found");
- goto end;
- }
- tag_creator = chunk_create(rel_name, separator-rel_name);
-
- unique_sw_id = chunk_create(separator+2, suffix-separator-2);
- tag_file_path = chunk_from_str(abs_name);
-
- /* In case of a targeted request */
- if (targets->get_count(targets))
- {
- chunk_t target_unique_sw_id, target_tag_creator;
- enumerator_t *target_enumerator;
- swid_tag_id_t *tag_id;
- bool match = FALSE;
-
- target_enumerator = targets->create_enumerator(targets);
- while (target_enumerator->enumerate(target_enumerator, &tag_id))
- {
- target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- target_tag_creator = tag_id->get_tag_creator(tag_id);
-
- if (chunk_equals(target_unique_sw_id, unique_sw_id) &&
- chunk_equals(target_tag_creator, tag_creator))
- {
- match = TRUE;
- break;
- }
- }
- target_enumerator->destroy(target_enumerator);
-
- if (!match)
- {
- continue;
- }
- }
- DBG2(DBG_IMC, " %s", rel_name);
-
- if (this->full_tags)
- {
- swid_tag_t *tag;
- chunk_t *xml_tag;
-
- xml_tag = chunk_map(abs_name, FALSE);
- if (!xml_tag)
- {
- DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name,
- strerror(errno));
- goto end;
- }
-
- tag = swid_tag_create(*xml_tag, tag_file_path);
- this->list->insert_last(this->list, tag);
- chunk_unmap(xml_tag);
- }
- else
- {
- swid_tag_id_t *tag_id;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path);
- this->list->insert_last(this->list, tag_id);
- }
- }
- success = TRUE;
-
-end:
- enumerator->destroy(enumerator);
- if (is_swidtag_dir)
- {
- DBG2(DBG_IMC, "leaving %s", pathname);
- }
-
- return success;
-}
-
-METHOD(swid_inventory_t, collect, bool,
- private_swid_inventory_t *this, char *directory, swid_inventory_t *targets,
- bool pretty, bool full)
-{
- /**
- * Tags are generated by a package manager
- */
- generate_tags(this, targets, pretty, full);
-
- /**
- * Collect swidtag files by iteratively entering all directories in
- * the tree under the "directory" path.
- */
- return collect_tags(this, directory, targets, FALSE);
-}
-
-METHOD(swid_inventory_t, add, void,
- private_swid_inventory_t *this, void *item)
-{
- this->list->insert_last(this->list, item);
-}
-
-METHOD(swid_inventory_t, get_count, int,
- private_swid_inventory_t *this)
-{
- return this->list->get_count(this->list);
-}
-
-METHOD(swid_inventory_t, create_enumerator, enumerator_t*,
- private_swid_inventory_t *this)
-{
- return this->list->create_enumerator(this->list);
-}
-
-METHOD(swid_inventory_t, destroy, void,
- private_swid_inventory_t *this)
-{
- if (this->full_tags)
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy));
- }
- else
- {
- this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy));
- }
- free(this);
-}
-
-/**
- * See header
- */
-swid_inventory_t *swid_inventory_create(bool full_tags)
-{
- private_swid_inventory_t *this;
-
- INIT(this,
- .public = {
- .collect = _collect,
- .add = _add,
- .get_count = _get_count,
- .create_enumerator = _create_enumerator,
- .destroy = _destroy,
- },
- .full_tags = full_tags,
- .list = linked_list_create(),
- );
-
- return &this->public;
-}
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h
deleted file mode 100644
index ba2518e26..000000000
--- a/src/libimcv/swid/swid_inventory.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_inventory swid_inventory
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_INVENTORY_H_
-#define SWID_INVENTORY_H_
-
-#include <library.h>
-
-/* Maximum size of a SWID Tag Inventory: 100 MB */
-#define SWID_MAX_ATTR_SIZE 100000000
-
-typedef struct swid_inventory_t swid_inventory_t;
-
-/**
- * Class managing SWID tag inventory
- */
-struct swid_inventory_t {
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param directory SWID directory path
- * @param targets List of target tag IDs
- * @param pretty Generate indented XML SWID tags
- * @param full Include file information in SWID tags
- * @return TRUE if successful
- */
- bool (*collect)(swid_inventory_t *this, char *directory,
- swid_inventory_t *targets, bool pretty, bool full);
-
- /**
- * Collect the SWID tags stored on the endpoint
- *
- * @param item SWID tag or tag ID to be added
- */
- void (*add)(swid_inventory_t *this, void *item);
-
- /**
- * Get the number of collected SWID tags
- *
- * @return Number of collected SWID tags
- */
- int (*get_count)(swid_inventory_t *this);
-
- /**
- * Create a SWID tag inventory enumerator
- *
- * @return Enumerator returning either tag ID or full tag
- */
- enumerator_t* (*create_enumerator)(swid_inventory_t *this);
-
- /**
- * Destroys a swid_inventory_t object.
- */
- void (*destroy)(swid_inventory_t *this);
-
-};
-
-/**
- * Creates a swid_inventory_t object
- *
- * @param full_tags TRUE if full tags, FALSE if tag IDs only
- */
-swid_inventory_t* swid_inventory_create(bool full_tags);
-
-#endif /** SWID_INVENTORY_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c
deleted file mode 100644
index c77c75700..000000000
--- a/src/libimcv/swid/swid_tag.c
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag.h"
-
-typedef struct private_swid_tag_t private_swid_tag_t;
-
-/**
- * Private data of a swid_tag_t object.
- *
- */
-struct private_swid_tag_t {
-
- /**
- * Public swid_tag_t interface.
- */
- swid_tag_t public;
-
- /**
- * UTF-8 XML encoding of SWID tag
- */
- chunk_t encoding;
-
- /**
- * Optional Tag Identifier Instance ID
- */
- chunk_t instance_id;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_t, get_encoding, chunk_t,
- private_swid_tag_t *this)
-{
- return this->encoding;
-}
-
-METHOD(swid_tag_t, get_instance_id, chunk_t,
- private_swid_tag_t *this)
-{
- return this->instance_id;
-}
-
-METHOD(swid_tag_t, get_ref, swid_tag_t*,
- private_swid_tag_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_t, destroy, void,
- private_swid_tag_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->encoding.ptr);
- free(this->instance_id.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id)
-{
- private_swid_tag_t *this;
-
- INIT(this,
- .public = {
- .get_encoding = _get_encoding,
- .get_instance_id = _get_instance_id,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .encoding = chunk_clone(encoding),
- .ref = 1,
- );
-
- if (instance_id.len > 0)
- {
- this->instance_id = chunk_clone(instance_id);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h
deleted file mode 100644
index 22c14b1aa..000000000
--- a/src/libimcv/swid/swid_tag.h
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag swid_tag
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_TAG_H_
-#define SWID_TAG_H_
-
-#include <library.h>
-
-typedef struct swid_tag_t swid_tag_t;
-
-
-/**
- * Class storing a SWID Tag
- */
-struct swid_tag_t {
-
- /**
- * Get UTF-8 XML encoding of SWID tag
- *
- * @return XML encoding of SWID tag
- */
- chunk_t (*get_encoding)(swid_tag_t *this);
-
- /**
- * Get the optional Tag Identifier Instance ID
- *
- * @return Optional Tag Identifier Instance ID
- */
- chunk_t (*get_instance_id)(swid_tag_t *this);
-
- /**
- * Get a new reference to the swid_tag object
- *
- * @return this, with an increased refcount
- */
- swid_tag_t* (*get_ref)(swid_tag_t *this);
-
- /**
- * Destroys a swid_tag_t object.
- */
- void (*destroy)(swid_tag_t *this);
-
-};
-
-/**
- * Creates a swid_tag_t object
- *
- * @param encoding XML encoding of SWID tag
- * @param instance_id Tag Identifier Instance ID or empty chunk
- */
-swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id);
-
-#endif /** SWID_TAG_H_ @}*/
diff --git a/src/libimcv/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c
deleted file mode 100644
index 2dc6e3141..000000000
--- a/src/libimcv/swid/swid_tag_id.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "swid_tag_id.h"
-
-typedef struct private_swid_tag_id_t private_swid_tag_id_t;
-
-/**
- * Private data of a swid_tag_id_t object.
- *
- */
-struct private_swid_tag_id_t {
-
- /**
- * Public swid_tag_id_t interface.
- */
- swid_tag_id_t public;
-
- /**
- * Tag Creator
- */
- chunk_t tag_creator;
-
- /**
- * Unique Software ID
- */
- chunk_t unique_sw_id;
-
- /**
- * Optional Tag Identifier Instance ID
- */
- chunk_t instance_id;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(swid_tag_id_t, get_tag_creator, chunk_t,
- private_swid_tag_id_t *this)
-{
- return this->tag_creator;
-}
-
-METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t,
- private_swid_tag_id_t *this, chunk_t *instance_id)
-{
- if (instance_id)
- {
- *instance_id = this->instance_id;
- }
- return this->unique_sw_id;
-}
-
-METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*,
- private_swid_tag_id_t *this)
-{
- ref_get(&this->ref);
- return &this->public;
-}
-
-METHOD(swid_tag_id_t, destroy, void,
- private_swid_tag_id_t *this)
-{
- if (ref_put(&this->ref))
- {
- free(this->tag_creator.ptr);
- free(this->unique_sw_id.ptr);
- free(this->instance_id.ptr);
- free(this);
- }
-}
-
-/**
- * See header
- */
-swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t instance_id)
-{
- private_swid_tag_id_t *this;
-
- INIT(this,
- .public = {
- .get_tag_creator = _get_tag_creator,
- .get_unique_sw_id = _get_unique_sw_id,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .tag_creator = chunk_clone(tag_creator),
- .unique_sw_id = chunk_clone(unique_sw_id),
- .ref = 1,
- );
-
- if (instance_id.len > 0)
- {
- this->instance_id = chunk_clone(instance_id);
- }
-
- return &this->public;
-}
-
diff --git a/src/libimcv/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h
deleted file mode 100644
index a2be290ae..000000000
--- a/src/libimcv/swid/swid_tag_id.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup swid_tag_id swid_tag_id
- * @{ @ingroup libimcv_swid
- */
-
-#ifndef SWID_TAG_ID_H_
-#define SWID_TAG_ID_H_
-
-#include <library.h>
-
-typedef struct swid_tag_id_t swid_tag_id_t;
-
-
-/**
- * Class storing a SWID Tag ID
- */
-struct swid_tag_id_t {
-
- /**
- * Get the Tag Creator
- *
- * @return Tag Creator
- */
- chunk_t (*get_tag_creator)(swid_tag_id_t *this);
-
- /**
- * Get the Unique Software ID and optional Tag File Path
- *
- * @param instance_id Optional Tag Identifier Instance ID
- * @return Unique Software ID
- */
- chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id);
-
- /**
- * Get a new reference to the swid_tag_id object
- *
- * @return this, with an increased refcount
- */
- swid_tag_id_t* (*get_ref)(swid_tag_id_t *this);
-
- /**
- * Destroys a swid_tag_id_t object.
- */
- void (*destroy)(swid_tag_id_t *this);
-
-};
-
-/**
- * Creates a swid_tag_id_t object
- *
- * @param tag_creator Tag Creator
- * @param unique_sw_id Unique Software ID
- * @param instance_id Tag Identifier Instance ID or empty chunk
- */
-swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id,
- chunk_t instance_id);
-
-#endif /** SWID_TAG_ID_H_ @}*/
diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c
index 096093b01..d2b50616f 100644
--- a/src/libimcv/swima/swima_collector.c
+++ b/src/libimcv/swima/swima_collector.c
@@ -13,6 +13,8 @@
* for more details.
*/
+#define _GNU_SOURCE /* for asprintf() */
+
#include "swima_collector.h"
#include <swid_gen/swid_gen.h>
@@ -319,7 +321,7 @@ static status_t generate_tags(private_swima_collector_t *this,
static bool collect_tags(private_swima_collector_t *this, char *pathname,
swima_inventory_t *targets, bool is_swidtag_dir)
{
- char *rel_name, *abs_name, *suffix, *pos;
+ char *rel_name, *abs_name, *suffix, *pos, *uri;
chunk_t *swid_tag, sw_id, sw_locator;
swima_record_t *sw_record;
struct stat st;
@@ -433,8 +435,12 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname,
}
DBG2(DBG_IMC, " %s", rel_name);
+ sw_locator = chunk_empty;
pos = strstr(pathname, "/swidtag");
- sw_locator = pos ? chunk_create(pathname, pos - pathname) : chunk_empty;
+ if (pos && asprintf(&uri, "file://%.*s", pos - pathname, pathname) > 0)
+ {
+ sw_locator = chunk_from_str(uri);
+ }
sw_record = swima_record_create(0, sw_id, sw_locator);
sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR);
if (!this->sw_id_only)
@@ -442,8 +448,10 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname,
sw_record->set_record(sw_record, *swid_tag);
}
this->inventory->add(this->inventory, sw_record);
+
chunk_unmap(swid_tag);
chunk_free(&sw_id);
+ chunk_free(&sw_locator);
}
success = TRUE;
diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c
index f444724c1..f38d92145 100644
--- a/src/libimcv/swima/swima_data_model.c
+++ b/src/libimcv/swima/swima_data_model.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Andreas Steffen
+ * Copyright (C) 2017-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -19,10 +19,10 @@
* ISO/IEC 19770-2-2015: Information Technology - Software Asset Management -
* Part 2: Software Identification Tag
*/
-pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 };
+pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 0 };
/**
* ISO/IEC 19770-2-2009: Information Technology - Software Asset Management -
* Part 2: Software Identification Tag
*/
-pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 };
+pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 1 };
diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h
index fe69d6aad..7391f3e9f 100644
--- a/src/libimcv/swima/swima_event.h
+++ b/src/libimcv/swima/swima_event.h
@@ -25,6 +25,7 @@
#include <library.h>
+#define SWIMA_EVENT_ACTION_NONE 0
#define SWIMA_EVENT_ACTION_CREATION 1
#define SWIMA_EVENT_ACTION_DELETION 2
#define SWIMA_EVENT_ACTION_ALTERATION 3
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
index d8acf0625..60e969a1c 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -165,6 +165,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
if (this->value.len < PTS_REQ_FILE_META_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Request File Metadata");
+ return FAILED;
}
reader = bio_reader_create(this->value);
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
index 9438fa062..c704e7d38 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2011-2012 Sansar Choinyambuu
- * Copyright (C) 2011-2014 Andreas Steffen
+ * Copyright (C) 2011-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -261,8 +261,9 @@ static const int tm_leap_1970 = 477;
*/
bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
{
- int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs;
+ int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec;
int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
+ time_t tm_days, tm_secs;
char buf[BUF_LEN];
if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len))
@@ -278,12 +279,24 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time)
}
/* representation of months as 0..11 */
+ if (tm_mon < 1 || tm_mon > 12)
+ {
+ return FALSE;
+ }
tm_mon--;
/* representation of days as 0..30 */
+ if (tm_day < 1 || tm_day > 31)
+ {
+ return FALSE;
+ }
tm_day--;
/* number of leap years between last year and 1970? */
+ if (tm_year < 1970)
+ {
+ return FALSE;
+ }
tm_leap_4 = (tm_year - 1) / 4;
tm_leap_100 = tm_leap_4 / 25;
tm_leap_400 = tm_leap_100 / 4;
@@ -325,6 +338,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE)
{
DBG1(DBG_TNC, "insufficient data for Simple Component Evidence");
+ return FAILED;
}
reader = bio_reader_create(this->value);
diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
index 267c85776..ea175bdfe 100644
--- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
+++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c
@@ -71,7 +71,7 @@ enum pts_simple_evid_final_flag_t {
/** TPM PCR Composite and TPM Quote Signature not included */
PTS_SIMPLE_EVID_FINAL_NO = 0x00,
/** TPM Quote Info and TPM Quite Signature included
- * using TPM 2.0 Quote Info format */
+ * using TPM 2.0 Quote Info format */
PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10,
/** Evidence Signature included */
PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20,
@@ -208,7 +208,7 @@ METHOD(pa_tnc_attr_t, build, void,
return;
}
- quote_mode = this->quote_info->get_quote_mode(this->quote_info);
+ quote_mode = this->quote_info->get_quote_mode(this->quote_info);
switch (quote_mode)
{
case TPM_QUOTE:
@@ -258,7 +258,7 @@ METHOD(pa_tnc_attr_t, build, void,
writer->write_data16(writer, version_info);
writer->write_data16(writer, pcr_select);
}
-
+
if (quote_mode != TPM_QUOTE_NONE)
{
writer->write_data32(writer, this->quote_sig);
@@ -377,7 +377,7 @@ METHOD(pa_tnc_attr_t, process, status_t,
this->quote_info->set_version_info(this->quote_info, version_info);
}
-
+
if (quote_mode != TPM_QUOTE_NONE)
{
if (!reader->read_data32(reader, &quote_sig))
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c
deleted file mode 100644
index be35ee49d..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c
+++ /dev/null
@@ -1,351 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_req.h"
-
-#include "swid/swid_tag_id.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-#include <collections/linked_list.h>
-
-typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t;
-
-/**
- * SWID Request
- * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * |C|S|R| Reserved| Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Earliest EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define SWID_REQ_RESERVED_MASK 0xE0
-
-/**
- * Private data of an tcg_swid_attr_req_t object.
- */
-struct private_tcg_swid_attr_req_t {
-
- /**
- * Public members of tcg_swid_attr_req_t
- */
- tcg_swid_attr_req_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
-
- /**
- * Attribute value or segment
- */
- chunk_t value;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * SWID request flags
- */
- uint8_t flags;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Earliest EID
- */
- uint32_t earliest_eid;
-
- /**
- * List of Target Tag Identifiers
- */
- swid_inventory_t *targets;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_req_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_req_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_req_t *this)
-{
- bio_writer_t *writer;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE);
- writer->write_uint8 (writer, this->flags);
- writer->write_uint24(writer, this->targets->get_count(this->targets));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->earliest_eid);
-
- enumerator = this->targets->create_enumerator(this->targets);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_req_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint32_t tag_id_count;
- chunk_t tag_creator, unique_sw_id;
- swid_tag_id_t *tag_id;
-
- *offset = 0;
-
- if (this->value.len < this->length)
- {
- return NEED_MORE;
- }
- if (this->value.len < TCG_SWID_REQ_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for SWID Request");
- return FAILED;
- }
-
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &this->flags);
- reader->read_uint24(reader, &tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->earliest_eid);
-
- if (this->request_id == 0)
- {
- *offset = 4;
- return FAILED;
- }
- *offset = TCG_SWID_REQ_MIN_SIZE;
-
- this->flags &= SWID_REQ_RESERVED_MASK;
-
- while (tag_id_count--)
- {
- if (!reader->read_data16(reader, &tag_creator))
- {
- DBG1(DBG_TNC, "insufficient data for Tag Creator field");
- reader->destroy(reader);
- return FAILED;
- }
- *offset += 2 + tag_creator.len;
-
- if (!reader->read_data16(reader, &unique_sw_id))
- {
- DBG1(DBG_TNC, "insufficient data for Unique Software ID");
- reader->destroy(reader);
- return FAILED;
- }
- *offset += 2 + unique_sw_id.len;
-
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty);
- this->targets->add(this->targets, tag_id);
- }
- reader->destroy(reader);
-
- return SUCCESS;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_req_t *this, chunk_t segment)
-{
- this->value = chunk_cat("mc", this->value, segment);
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_req_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_req_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->targets->destroy(this->targets);
- free(this->value.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_req_t, get_flags, uint8_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->flags;
-}
-
-METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t,
- private_tcg_swid_attr_req_t *this)
-{
- return this->earliest_eid;
-}
-
-METHOD(tcg_swid_attr_req_t, add_target, void,
- private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id)
-{
- this->targets->add(this->targets, tag_id);
-}
-
-METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*,
- private_tcg_swid_attr_req_t *this)
-{
- return this->targets;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
- uint32_t eid)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .flags = flags & SWID_REQ_RESERVED_MASK,
- .request_id = request_id,
- .earliest_eid = eid,
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data)
-{
- private_tcg_swid_attr_req_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .get_flags = _get_flags,
- .get_request_id = _get_request_id,
- .get_earliest_eid = _get_earliest_eid,
- .add_target = _add_target,
- .get_targets = _get_targets,
- },
- .type = { PEN_TCG, TCG_SWID_REQUEST },
- .length = length,
- .value = chunk_clone(data),
- .targets = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h
deleted file mode 100644
index 2c85aaf6d..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/*
- * Copyright (C) 2013-2017 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_req tcg_swid_attr_req
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_REQ_H_
-#define TCG_SWID_ATTR_REQ_H_
-
-#define TCG_SWID_REQ_MIN_SIZE 12
-
-typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t;
-typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t;
-
-enum tcg_swid_attr_req_flag_t {
- TCG_SWID_ATTR_REQ_FLAG_NONE = 0,
- TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7),
- TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6),
- TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5)
-};
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-#include "pa_tnc/pa_tnc_attr.h"
-
-/**
- * Class implementing the TCG SWID Request attribute
- */
-struct tcg_swid_attr_req_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Get SWID request flags
- *
- * @return Flags
- */
- uint8_t (*get_flags)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_req_t *this);
-
- /**
- * Get Earliest EID
- *
- * @return Event ID
- */
- uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this);
-
- /**
- * Add Tag ID
- *
- * @param tag_id SWID Tag ID (is not cloned by constructor!)
- */
- void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Create Tag ID enumerator
- *
- * @return Get a list of target tag IDs
- */
- swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_req_t object
- *
- * @param flags Sets the C|S|R flags
- * @param request_id Request ID
- * @param eid Earliest Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_req_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value);
-
-#endif /** TCG_SWID_ATTR_REQ_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
deleted file mode 100644
index 560d5878f..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c
+++ /dev/null
@@ -1,396 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_id_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t;
-
-/**
- * SWID Tag Identifier Inventory
- * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Creator Length | Tag Creator (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Unique Software ID Length |Unique Software ID (var length)|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Instance ID Length | Instance ID (variable length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_ID_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_id_inv_t object.
- */
-struct private_tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_id_inv_t
- */
- tcg_swid_attr_tag_id_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
- /**
- * Offset up to which attribute value has been processed
- */
- size_t offset;
-
- /**
- * Current position of attribute value pointer
- */
- chunk_t value;
-
- /**
- * Contains complete attribute or current segment
- */
- chunk_t segment;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * Number of SWID Tag IDs in attribute
- */
- uint32_t tag_id_count;
-
- /**
- * SWID Tag ID Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_id_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_id_t *tag_id;
- chunk_t tag_creator, unique_sw_id, instance_id;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag_id))
- {
- tag_creator = tag_id->get_tag_creator(tag_id);
- unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id);
- writer->write_data16(writer, tag_creator);
- writer->write_data16(writer, unique_sw_id);
- writer->write_data16(writer, instance_id);
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->segment = this->value;
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint8_t reserved;
- chunk_t tag_creator, unique_sw_id, instance_id;
- swid_tag_id_t *tag_id;
- status_t status = NEED_MORE;
-
- if (this->offset == 0)
- {
- if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- return FAILED;
- }
- if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE)
- {
- return NEED_MORE;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &this->tag_id_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE;
- this->value = reader->peek(reader);
- reader->destroy(reader);
- }
-
- reader = bio_reader_create(this->value);
-
- while (this->tag_id_count)
- {
- if (!reader->read_data16(reader, &tag_creator) ||
- !reader->read_data16(reader, &unique_sw_id) ||
- !reader->read_data16(reader, &instance_id))
- {
- goto end;
- }
- tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id);
- this->inventory->add(this->inventory, tag_id);
- this->offset += this->value.len - reader->remaining(reader);
- this->value = reader->peek(reader);
-
- /* at least one tag ID was processed */
- status = SUCCESS;
- this->tag_id_count--;
- }
-
- if (this->length != this->offset)
- {
- DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- status = FAILED;
- }
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment)
-{
- this->value = chunk_cat("cc", this->value, segment);
- chunk_free(&this->segment);
- this->segment = this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->segment.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, add, void,
- private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id)
-{
- this->inventory->add(this->inventory, tag_id);
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->tag_id_count;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- return this->inventory;
-}
-
-METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void,
- private_tcg_swid_attr_tag_id_inv_t *this)
-{
- this->inventory->destroy(this->inventory);
- this->inventory = swid_inventory_create(FALSE);
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_id_count = _get_tag_id_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
- chunk_t data)
-{
- private_tcg_swid_attr_tag_id_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_id_count = _get_tag_id_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY },
- .length = length,
- .segment = chunk_clone(data),
- .inventory = swid_inventory_create(FALSE),
- .ref = 1,
- );
-
- /* received either complete attribute value or first segment */
- this->value = this->segment;
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
deleted file mode 100644
index e9db9b3c6..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_
-#define TCG_SWID_ATTR_TAG_ID_INV_H_
-
-typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag_id.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Identifier Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_id_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag_id SWID Tag ID to be added
- */
- void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id);
-
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get count of remaining SWID tag IDs
- *
- * @return SWID Tag ID count
- */
- uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Get Inventory of SWID tag IDs
- *
- * @result SWID Tag ID Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this);
-
- /**
- * Remove all SWID Tag IDs from the Inventory
- */
- void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_id_inv_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length,
- chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
deleted file mode 100644
index 013482441..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "tcg_swid_attr_tag_inv.h"
-
-#include <pa_tnc/pa_tnc_msg.h>
-#include <bio/bio_writer.h>
-#include <bio/bio_reader.h>
-#include <utils/debug.h>
-
-
-typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t;
-
-/**
- * SWID Tag Inventory
- * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M
- *
- * 1 2 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Reserved | Tag ID Count |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Request ID Copy |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | EID Epoch |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Last EID |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Instance ID Length | Instance ID (var. length) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag Length |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Tag (Variable) |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- */
-
-#define TCG_SWID_TAG_INV_RESERVED 0x00
-
-/**
- * Private data of an tcg_swid_attr_tag_inv_t object.
- */
-struct private_tcg_swid_attr_tag_inv_t {
-
- /**
- * Public members of tcg_swid_attr_tag_inv_t
- */
- tcg_swid_attr_tag_inv_t public;
-
- /**
- * Vendor-specific attribute type
- */
- pen_type_t type;
-
- /**
- * Length of attribute value
- */
- size_t length;
-
- /**
- * Offset up to which attribute value has been processed
- */
- size_t offset;
-
- /**
- * Current position of attribute value pointer
- */
- chunk_t value;
-
- /**
- * Contains complete attribute or current segment
- */
- chunk_t segment;
-
- /**
- * Noskip flag
- */
- bool noskip_flag;
-
- /**
- * Request ID
- */
- uint32_t request_id;
-
- /**
- * Event ID Epoch
- */
- uint32_t eid_epoch;
-
- /**
- * Last Event ID
- */
- uint32_t last_eid;
-
- /**
- * Number of SWID Tags in attribute
- */
- uint32_t tag_count;
-
- /**
- * SWID Tag Inventory
- */
- swid_inventory_t *inventory;
-
- /**
- * Reference count
- */
- refcount_t ref;
-};
-
-METHOD(pa_tnc_attr_t, get_type, pen_type_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->type;
-}
-
-METHOD(pa_tnc_attr_t, get_value, chunk_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->noskip_flag;
-}
-
-METHOD(pa_tnc_attr_t, set_noskip_flag,void,
- private_tcg_swid_attr_tag_inv_t *this, bool noskip)
-{
- this->noskip_flag = noskip;
-}
-
-METHOD(pa_tnc_attr_t, build, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- bio_writer_t *writer;
- swid_tag_t *tag;
- enumerator_t *enumerator;
-
- if (this->value.ptr)
- {
- return;
- }
-
- writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE);
- writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED);
- writer->write_uint24(writer, this->inventory->get_count(this->inventory));
- writer->write_uint32(writer, this->request_id);
- writer->write_uint32(writer, this->eid_epoch);
- writer->write_uint32(writer, this->last_eid);
-
- enumerator = this->inventory->create_enumerator(this->inventory);
- while (enumerator->enumerate(enumerator, &tag))
- {
- writer->write_data16(writer, tag->get_instance_id(tag));
- writer->write_data32(writer, tag->get_encoding(tag));
- }
- enumerator->destroy(enumerator);
-
- this->value = writer->extract_buf(writer);
- this->segment = this->value;
- this->length = this->value.len;
- writer->destroy(writer);
-}
-
-METHOD(pa_tnc_attr_t, process, status_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset)
-{
- bio_reader_t *reader;
- uint8_t reserved;
- chunk_t tag_encoding, instance_id;
- swid_tag_t *tag;
- status_t status = NEED_MORE;
-
- if (this->offset == 0)
- {
- if (this->length < TCG_SWID_TAG_INV_MIN_SIZE)
- {
- DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- return FAILED;
- }
- if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE)
- {
- return NEED_MORE;
- }
- reader = bio_reader_create(this->value);
- reader->read_uint8 (reader, &reserved);
- reader->read_uint24(reader, &this->tag_count);
- reader->read_uint32(reader, &this->request_id);
- reader->read_uint32(reader, &this->eid_epoch);
- reader->read_uint32(reader, &this->last_eid);
- this->offset = TCG_SWID_TAG_INV_MIN_SIZE;
- this->value = reader->peek(reader);
- reader->destroy(reader);
- }
-
- reader = bio_reader_create(this->value);
-
- while (this->tag_count)
- {
- if (!reader->read_data16(reader, &instance_id) ||
- !reader->read_data32(reader, &tag_encoding))
- {
- goto end;
- }
- tag = swid_tag_create(tag_encoding, instance_id);
- this->inventory->add(this->inventory, tag);
- this->offset += this->value.len - reader->remaining(reader);
- this->value = reader->peek(reader);
-
- /* at least one tag was processed */
- status = SUCCESS;
- this->tag_count--;
- }
-
- if (this->length != this->offset)
- {
- DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG,
- tcg_attr_names, this->type.type);
- *offset = this->offset;
- status = FAILED;
- }
-
-end:
- reader->destroy(reader);
- return status;
-}
-
-METHOD(pa_tnc_attr_t, add_segment, void,
- private_tcg_swid_attr_tag_inv_t *this, chunk_t segment)
-{
- this->value = chunk_cat("cc", this->value, segment);
- chunk_free(&this->segment);
- this->segment = this->value;
-}
-
-METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- ref_get(&this->ref);
- return &this->public.pa_tnc_attribute;
-}
-
-METHOD(pa_tnc_attr_t, destroy, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- if (ref_put(&this->ref))
- {
- this->inventory->destroy(this->inventory);
- free(this->segment.ptr);
- free(this);
- }
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, add, void,
- private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag)
-{
- this->inventory->add(this->inventory, tag);
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->request_id;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch)
-{
- if (eid_epoch)
- {
- *eid_epoch = this->eid_epoch;
- }
- return this->last_eid;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->tag_count;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- return this->inventory;
-}
-
-METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void,
- private_tcg_swid_attr_tag_inv_t *this)
-{
- this->inventory->destroy(this->inventory);
- this->inventory = swid_inventory_create(TRUE);
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch, uint32_t eid)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_count = _get_tag_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .request_id = request_id,
- .eid_epoch = eid_epoch,
- .last_eid = eid,
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- return &this->public.pa_tnc_attribute;
-}
-
-/**
- * Described in header.
- */
-pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length,
- chunk_t data)
-{
- private_tcg_swid_attr_tag_inv_t *this;
-
- INIT(this,
- .public = {
- .pa_tnc_attribute = {
- .get_type = _get_type,
- .get_value = _get_value,
- .get_noskip_flag = _get_noskip_flag,
- .set_noskip_flag = _set_noskip_flag,
- .build = _build,
- .process = _process,
- .add_segment = _add_segment,
- .get_ref = _get_ref,
- .destroy = _destroy,
- },
- .add = _add,
- .get_request_id = _get_request_id,
- .get_last_eid = _get_last_eid,
- .get_tag_count = _get_tag_count,
- .get_inventory = _get_inventory,
- .clear_inventory = _clear_inventory,
- },
- .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY },
- .length = length,
- .segment = chunk_clone(data),
- .inventory = swid_inventory_create(TRUE),
- .ref = 1,
- );
-
- /* received either complete attribute value or first segment */
- this->value = this->segment;
-
- return &this->public.pa_tnc_attribute;
-}
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
deleted file mode 100644
index 43ebd9e2a..000000000
--- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (C) 2013-2014 Andreas Steffen
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-/**
- * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv
- * @{ @ingroup tcg_attr
- */
-
-#ifndef TCG_SWID_ATTR_TAG_INV_H_
-#define TCG_SWID_ATTR_TAG_INV_H_
-
-typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t;
-
-#include "tcg/tcg_attr.h"
-#include "swid/swid_tag.h"
-#include "swid/swid_inventory.h"
-
-#include <pa_tnc/pa_tnc_attr.h>
-
-#define TCG_SWID_TAG_INV_MIN_SIZE 16
-
-/**
- * Class implementing the TCG SWID Tag Inventory attribute
- *
- */
-struct tcg_swid_attr_tag_inv_t {
-
- /**
- * Public PA-TNC attribute interface
- */
- pa_tnc_attr_t pa_tnc_attribute;
-
- /**
- * Add a Tag ID to the attribute
- *
- * @param tag SWID Tag to be added
- */
- void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag);
- /**
- * Get Request ID
- *
- * @return Request ID
- */
- uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Last Event ID
- *
- * @param eid_epoch Event ID Epoch
- * @return Last Event ID
- */
- uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this,
- uint32_t *eid_epoch);
-
- /**
- * Get count of remaining SWID tags
- *
- * @return SWID Tag count
- */
- uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Get Inventory of SWID tags
- *
- * @result SWID Tag Inventory
- */
- swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t *this);
-
- /**
- * Remove all SWID Tags from the Inventory
- */
- void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this);
-
-};
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object
- *
- * @param request_id Copy of the Request ID
- * @param eid_epoch Event ID Epoch
- * @param eid Last Event ID
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id,
- uint32_t eid_epoch,
- uint32_t eid);
-
-/**
- * Creates an tcg_swid_attr_tag_inv_t object from received data
- *
- * @param length Total length of attribute value
- * @param value Unparsed attribute value (might be a segment)
- */
-pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length,
- chunk_t value);
-
-#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/
diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c
index ab1fa43a5..f6b1df7ec 100644
--- a/src/libimcv/tcg/tcg_attr.c
+++ b/src/libimcv/tcg/tcg_attr.c
@@ -31,9 +31,6 @@
#include "tcg/pts/tcg_pts_attr_file_meas.h"
#include "tcg/pts/tcg_pts_attr_req_file_meta.h"
#include "tcg/pts/tcg_pts_attr_unix_file_meta.h"
-#include "tcg/swid/tcg_swid_attr_req.h"
-#include "tcg/swid/tcg_swid_attr_tag_id_inv.h"
-#include "tcg/swid/tcg_swid_attr_tag_inv.h"
#include "tcg/seg/tcg_seg_attr_max_size.h"
#include "tcg/seg/tcg_seg_attr_seg_env.h"
#include "tcg/seg/tcg_seg_attr_next_seg.h"
@@ -189,12 +186,6 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
{
switch (type)
{
- case TCG_SWID_REQUEST:
- return tcg_swid_attr_req_create_from_data(length, value);
- case TCG_SWID_TAG_ID_INVENTORY:
- return tcg_swid_attr_tag_id_inv_create_from_data(length, value);
- case TCG_SWID_TAG_INVENTORY:
- return tcg_swid_attr_tag_inv_create_from_data(length, value);
case TCG_SEG_MAX_ATTR_SIZE_REQ:
return tcg_seg_attr_max_size_create_from_data(length, value, TRUE);
case TCG_SEG_MAX_ATTR_SIZE_RESP:
@@ -253,6 +244,9 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v
case TCG_PTS_UNIX_FILE_META:
return tcg_pts_attr_unix_file_meta_create_from_data(length, value);
/* unsupported TCG/SWID attributes */
+ case TCG_SWID_REQUEST:
+ case TCG_SWID_TAG_ID_INVENTORY:
+ case TCG_SWID_TAG_INVENTORY:
case TCG_SWID_TAG_ID_EVENTS:
case TCG_SWID_TAG_EVENTS:
case TCG_SWID_SUBSCRIPTION_STATUS_REQ:
diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in
index 834be0eeb..63074a965 100644
--- a/src/libipsec/Makefile.in
+++ b/src/libipsec/Makefile.in
@@ -353,7 +353,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -379,6 +378,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -399,8 +400,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -455,8 +454,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -485,8 +482,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in
index ab5af4634..4f0b129f0 100644
--- a/src/libipsec/tests/Makefile.in
+++ b/src/libipsec/tests/Makefile.in
@@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -332,6 +331,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -352,8 +353,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -408,8 +407,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -438,8 +435,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in
index c0119f12b..344cddce1 100644
--- a/src/libpttls/Makefile.in
+++ b/src/libpttls/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h
index 3a1feae53..6f5bd160f 100644
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@@ -69,7 +69,7 @@ enum pt_tls_message_type_t {
extern enum_name_t *pt_tls_message_type_names;
/**
- * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
+ * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
*/
enum pt_tls_sasl_result_t {
PT_TLS_SASL_RESULT_SUCCESS = 0,
diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c
index 167918811..265a4a09a 100644
--- a/src/libpttls/pt_tls_client.c
+++ b/src/libpttls/pt_tls_client.c
@@ -225,7 +225,7 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl)
reader->destroy(reader);
return SUCCESS;
case NEED_MORE:
- /* inacceptable, it won't get more. FALL */
+ /* unacceptable, it won't get more. FALL */
case FAILED:
default:
reader->destroy(reader);
diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in
index 4e5936ffc..73d1805a9 100644
--- a/src/libradius/Makefile.in
+++ b/src/libradius/Makefile.in
@@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -332,6 +331,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -352,8 +353,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -408,8 +407,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -438,8 +435,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in
index edd978d78..331e8e920 100644
--- a/src/libsimaka/Makefile.in
+++ b/src/libsimaka/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 66539a879..e6d7ce74b 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -565,6 +565,13 @@ if MONOLITHIC
endif
endif
+if USE_BOTAN
+ SUBDIRS += plugins/botan
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/botan/libstrongswan-botan.la
+endif
+endif
+
if USE_FIPS_PRF
SUBDIRS += plugins/fips_prf
if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index a0eb8b6b5..b6bb52740 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -220,35 +220,37 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_106 = plugins/openssl/libstrongswan-openssl.la
@USE_GCRYPT_TRUE@am__append_107 = plugins/gcrypt
@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_108 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_109 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_110 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_111 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_112 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_113 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_114 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_115 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_116 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_117 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_118 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_119 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_120 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_121 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_122 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_123 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_124 = plugins/gcm/libstrongswan-gcm.la
-@USE_MGF1_TRUE@am__append_125 = plugins/mgf1
-@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_126 = plugins/mgf1/libstrongswan-mgf1.la
-@USE_NTRU_TRUE@am__append_127 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_128 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_129 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_130 = plugins/bliss/libstrongswan-bliss.la
-@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope
-@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_132 = plugins/newhope/libstrongswan-newhope.la
-@USE_TEST_VECTORS_TRUE@am__append_133 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_134 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_LIBNTTFFT_TRUE@am__append_135 = math/libnttfft/tests
-@USE_BLISS_TRUE@am__append_136 = plugins/bliss/tests
-@USE_NEWHOPE_TRUE@am__append_137 = plugins/newhope/tests
+@USE_BOTAN_TRUE@am__append_109 = plugins/botan
+@MONOLITHIC_TRUE@@USE_BOTAN_TRUE@am__append_110 = plugins/botan/libstrongswan-botan.la
+@USE_FIPS_PRF_TRUE@am__append_111 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_112 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_113 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_114 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_115 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_116 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_117 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_118 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_119 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_120 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_121 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_122 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_123 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_124 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_125 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_126 = plugins/gcm/libstrongswan-gcm.la
+@USE_MGF1_TRUE@am__append_127 = plugins/mgf1
+@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_128 = plugins/mgf1/libstrongswan-mgf1.la
+@USE_NTRU_TRUE@am__append_129 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_130 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_131 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_132 = plugins/bliss/libstrongswan-bliss.la
+@USE_NEWHOPE_TRUE@am__append_133 = plugins/newhope
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/libstrongswan-newhope.la
+@USE_TEST_VECTORS_TRUE@am__append_135 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_136 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_LIBNTTFFT_TRUE@am__append_137 = math/libnttfft/tests
+@USE_BLISS_TRUE@am__append_138 = plugins/bliss/tests
+@USE_NEWHOPE_TRUE@am__append_139 = plugins/newhope/tests
subdir = src/libstrongswan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -328,7 +330,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_112) $(am__append_114) $(am__append_116) \
$(am__append_118) $(am__append_120) $(am__append_122) \
$(am__append_124) $(am__append_126) $(am__append_128) \
- $(am__append_130) $(am__append_132) $(am__append_134)
+ $(am__append_130) $(am__append_132) $(am__append_134) \
+ $(am__append_136)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -665,10 +668,10 @@ DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \
plugins/sshkey plugins/pem plugins/curl plugins/files \
plugins/winhttp plugins/unbound plugins/soup plugins/ldap \
plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \
- plugins/gcrypt plugins/fips_prf plugins/agent plugins/keychain \
- plugins/pkcs11 plugins/chapoly plugins/ctr plugins/ccm \
- plugins/gcm plugins/mgf1 plugins/ntru plugins/bliss \
- plugins/newhope plugins/test_vectors tests \
+ plugins/gcrypt plugins/botan plugins/fips_prf plugins/agent \
+ plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \
+ plugins/ccm plugins/gcm plugins/mgf1 plugins/ntru \
+ plugins/bliss plugins/newhope plugins/test_vectors tests \
math/libnttfft/tests plugins/bliss/tests plugins/newhope/tests
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
$(top_srcdir)/ylwrap settings/settings_lexer.c \
@@ -798,7 +801,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -824,6 +826,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -844,8 +848,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -900,8 +902,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -930,8 +930,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -1080,7 +1084,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_114) $(am__append_116) $(am__append_118) \
$(am__append_120) $(am__append_122) $(am__append_124) \
$(am__append_126) $(am__append_128) $(am__append_130) \
- $(am__append_132) $(am__append_134)
+ $(am__append_132) $(am__append_134) $(am__append_136)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1142,8 +1146,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_FALSE@ $(am__append_133) tests $(am__append_135) \
-@MONOLITHIC_FALSE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_135) tests \
+@MONOLITHIC_FALSE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_FALSE@ $(am__append_139)
# build unit tests
##################
@@ -1175,8 +1180,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_TRUE@ $(am__append_133) . tests $(am__append_135) \
-@MONOLITHIC_TRUE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_135) . tests \
+@MONOLITHIC_TRUE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_TRUE@ $(am__append_139)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 79cb17ed1..aa649e969 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -825,7 +825,6 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
u_char *pos = asn1_build_object(&object, tag, content.len);
memcpy(pos, content.ptr, content.len);
- pos += content.len;
return object;
}
diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c
index 82e405002..e6b459bbf 100644
--- a/src/libstrongswan/bio/bio_reader.c
+++ b/src/libstrongswan/bio/bio_reader.c
@@ -122,13 +122,16 @@ static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res,
static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res,
bool from_end)
{
+ uint32_t tmp;
+
if (this->buf.len < 3)
{
DBG1(DBG_LIB, "%d bytes insufficient to parse u_int24 data",
this->buf.len);
return FALSE;
}
- *res = untoh32(get_ptr_end(this, 3, from_end)) >> 8;
+ memcpy(&tmp, get_ptr_end(this, 3, from_end), 3);
+ *res = ntohl(tmp) >> 8;
this->buf = chunk_skip_end(this->buf, 3, from_end);
return TRUE;
}
diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h
index fbca8bdf5..859fa8a73 100644
--- a/src/libstrongswan/bio/bio_reader.h
+++ b/src/libstrongswan/bio/bio_reader.h
@@ -142,7 +142,7 @@ struct bio_reader_t {
* Read a chunk of len bytes from the end of the buffer, reduce remaining.
*
* @param len number of bytes to read
- * @param res ponter to result, not cloned
+ * @param res pointer to result, not cloned
* @return TRUE if data read successfully
*/
bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);
diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c
index 5ad7360d6..c7342c6d6 100644
--- a/src/libstrongswan/collections/linked_list.c
+++ b/src/libstrongswan/collections/linked_list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -111,7 +111,7 @@ struct private_enumerator_t {
/**
* implements enumerator interface
*/
- enumerator_t enumerator;
+ enumerator_t public;
/**
* associated linked list
@@ -122,35 +122,19 @@ struct private_enumerator_t {
* current item
*/
element_t *current;
-
- /**
- * enumerator has enumerated all items
- */
- bool finished;
};
-METHOD(enumerator_t, enumerate, bool,
- private_enumerator_t *this, va_list args)
+/**
+ * Enumerate the current item
+ */
+static bool do_enumerate(private_enumerator_t *this, va_list args)
{
void **item;
VA_ARGS_VGET(args, item);
- if (this->finished)
- {
- return FALSE;
- }
if (!this->current)
{
- this->current = this->list->first;
- }
- else
- {
- this->current = this->current->next;
- }
- if (!this->current)
- {
- this->finished = TRUE;
return FALSE;
}
if (item)
@@ -160,28 +144,46 @@ METHOD(enumerator_t, enumerate, bool,
return TRUE;
}
+METHOD(enumerator_t, enumerate_next, bool,
+ private_enumerator_t *this, va_list args)
+{
+ if (this->current)
+ {
+ this->current = this->current->next;
+ }
+ return do_enumerate(this, args);
+}
+
+METHOD(enumerator_t, enumerate_current, bool,
+ private_enumerator_t *this, va_list args)
+{
+ this->public.venumerate = _enumerate_next;
+ return do_enumerate(this, args);
+}
+
METHOD(linked_list_t, create_enumerator, enumerator_t*,
private_linked_list_t *this)
{
private_enumerator_t *enumerator;
INIT(enumerator,
- .enumerator = {
+ .public = {
.enumerate = enumerator_enumerate_default,
- .venumerate = _enumerate,
+ .venumerate = _enumerate_current,
.destroy = (void*)free,
},
.list = this,
+ .current = this->first,
);
- return &enumerator->enumerator;
+ return &enumerator->public;
}
METHOD(linked_list_t, reset_enumerator, void,
private_linked_list_t *this, private_enumerator_t *enumerator)
{
- enumerator->current = NULL;
- enumerator->finished = FALSE;
+ enumerator->current = this->first;
+ enumerator->public.venumerate = _enumerate_current;
}
METHOD(linked_list_t, get_count, int,
@@ -298,14 +300,7 @@ METHOD(linked_list_t, insert_before, void,
current = enumerator->current;
if (!current)
{
- if (enumerator->finished)
- {
- this->public.insert_last(&this->public, item);
- }
- else
- {
- this->public.insert_first(&this->public, item);
- }
+ insert_last(this, item);
return;
}
element = element_create(item);
@@ -377,7 +372,9 @@ METHOD(linked_list_t, remove_at, void,
if (enumerator->current)
{
current = enumerator->current;
- enumerator->current = current->previous;
+ enumerator->current = current->next;
+ /* the enumerator already points to the next item */
+ enumerator->public.venumerate = _enumerate_current;
remove_element(this, current);
}
}
diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h
index a9cb7f0d4..315fb0520 100644
--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -102,12 +102,17 @@ struct linked_list_t {
/**
* Inserts a new item before the item the enumerator currently points to.
*
- * If this method is called before starting the enumeration the item is
- * inserted first. If it is called after all items have been enumerated
- * the item is inserted last. This is helpful when inserting items into
- * a sorted list.
+ * If this method is called after all items have been enumerated, the item
+ * is inserted last. This is helpful when inserting items into a sorted
+ * list.
*
- * @note The position of the enumerator is not changed.
+ * @note The position of the enumerator is not changed. So it is safe to
+ * call this before or after remove_at() to replace the item at the current
+ * position (the enumerator will continue with the next item in the list).
+ * And in particular, when inserting an item before calling enumerate(),
+ * the enumeration will continue (or start) at the item that was first in
+ * the list before any items were inserted (enumerate() will return FALSE
+ * if the list was empty before).
*
* @param enumerator enumerator with position
* @param item item value to insert in list
@@ -118,6 +123,10 @@ struct linked_list_t {
/**
* Remove an item from the list where the enumerator points to.
*
+ * If this method is called before calling enumerate() of the enumerator,
+ * the first item in the list, if any, will be removed. No item is removed,
+ * if the method is called after enumerating all items.
+ *
* @param enumerator enumerator with position
*/
void (*remove_at)(linked_list_t *this, enumerator_t *enumerator);
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index b473223e4..38c40c87d 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -141,7 +141,7 @@ extern enum_name_t *auth_rule_names;
* RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote
* peer. Local configs are called "rulesets". They define how we authenticate.
- * Remote peer configs are called "constraits". They define what is needed to
+ * Remote peer configs are called "constraints". They define what is needed to
* complete the authentication round successfully.
*
* @verbatim
diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.h b/src/libstrongswan/credentials/certificates/certificate_printer.h
index 7953eb060..747cc21ae 100644
--- a/src/libstrongswan/credentials/certificates/certificate_printer.h
+++ b/src/libstrongswan/credentials/certificates/certificate_printer.h
@@ -62,7 +62,7 @@ struct certificate_printer_t {
*
* @param f file where print output is directed to (usually stdout)
* @param detailed print more detailed certificate information
- * @param utc print time inforamtion in UTC
+ * @param utc print time information in UTC
*/
certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
bool utc);
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 877ed20a2..a98a33d20 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -106,9 +106,9 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
- /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve25519 as in RFC 8410 */
SIGN_ED25519,
- /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve448 as in RFC 8410 */
SIGN_ED448,
/** BLISS with SHA-2_256 */
SIGN_BLISS_WITH_SHA2_256,
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index 2294eaff7..97209953a 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -15,12 +15,14 @@
#include "shared_key.h"
-ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
+ENUM(shared_key_type_names, SHARED_ANY, SHARED_PPK,
"ANY",
"IKE",
"EAP",
"PRIVATE_KEY_PASS",
"PIN",
+ "NTLM",
+ "PPK",
);
typedef struct private_shared_key_t private_shared_key_t;
@@ -93,7 +95,7 @@ shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
.get_key = _get_key,
.get_ref = _get_ref,
.destroy = _destroy,
- },
+ },
.type = type,
.key = key,
.ref = 1,
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index d97139de2..44e6f0460 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -43,6 +43,8 @@ enum shared_key_type_t {
SHARED_PIN,
/** Calculated NT Hash = MD4(UTF-16LE(password)) */
SHARED_NT_HASH,
+ /** Postquantum Preshared Key */
+ SHARED_PPK,
};
/**
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 4f61ba1fc..7f048c620 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -177,7 +177,7 @@ struct crypto_factory_t {
* Register a crypter constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
@@ -204,7 +204,7 @@ struct crypto_factory_t {
* Register a aead constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 41654553d..f4f57d917 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -40,7 +40,7 @@ enum hash_algorithm_t {
HASH_SHA256 = 2,
HASH_SHA384 = 3,
HASH_SHA512 = 4,
- /* draft-ietf-ipsecme-eddsa (RFC TBA) */
+ /* RFC 8420 */
HASH_IDENTITY = 5,
/* use private use range for algorithms not defined/permitted by RFC 7427 */
HASH_UNKNOWN = 1024,
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index d671879c0..952608997 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -335,22 +335,16 @@ METHOD(proposal_t, strip_dh, void,
}
/**
- * Select a matching proposal from this and other, insert into selected.
+ * Select a matching proposal from this and other.
*/
static bool select_algo(private_proposal_t *this, proposal_t *other,
- proposal_t *selected, transform_type_t type, bool priv)
+ transform_type_t type, bool priv, bool log,
+ uint16_t *alg, uint16_t *ks)
{
enumerator_t *e1, *e2;
uint16_t alg1, alg2, ks1, ks2;
bool found = FALSE, optional = FALSE;
- if (type == INTEGRITY_ALGORITHM &&
- selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
- encryption_algorithm_is_aead(alg1))
- {
- /* no integrity algorithm required, we have an AEAD */
- return TRUE;
- }
if (type == DIFFIE_HELLMAN_GROUP)
{
optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
@@ -398,26 +392,79 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
{
if (!priv && alg1 >= 1024)
{
- /* accept private use algorithms only if requested */
- DBG1(DBG_CFG, "an algorithm from private space would match, "
- "but peer implementation is unknown, skipped");
+ if (log)
+ {
+ DBG1(DBG_CFG, "an algorithm from private space would "
+ "match, but peer implementation is unknown, "
+ "skipped");
+ }
continue;
}
- selected->add_algorithm(selected, type, alg1, ks1);
+ *alg = alg1;
+ *ks = ks1;
found = TRUE;
break;
}
}
}
- /* no match in all comparisons */
e1->destroy(e1);
e2->destroy(e2);
+ return found;
+}
- if (!found)
+/**
+ * Select algorithms from the given proposals, if selected is given, the result
+ * is stored there and errors are logged.
+ */
+static bool select_algos(private_proposal_t *this, proposal_t *other,
+ proposal_t *selected, bool private)
+{
+ transform_type_t type;
+ array_t *types;
+ bool skip_integrity = FALSE;
+ int i;
+
+ types = merge_types(this, (private_proposal_t*)other);
+ for (i = 0; i < array_count(types); i++)
{
- DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
+ uint16_t alg = 0, ks = 0;
+
+ array_get(types, i, &type);
+ if (type == INTEGRITY_ALGORITHM && skip_integrity)
+ {
+ continue;
+ }
+ if (select_algo(this, other, type, private, selected != NULL, &alg, &ks))
+ {
+ if (alg == 0 && type != EXTENDED_SEQUENCE_NUMBERS)
+ { /* 0 is "valid" for extended sequence numbers, for other
+ * transforms it either means NONE or is reserved */
+ continue;
+ }
+ if (selected)
+ {
+ selected->add_algorithm(selected, type, alg, ks);
+ }
+ if (type == ENCRYPTION_ALGORITHM &&
+ encryption_algorithm_is_aead(alg))
+ {
+ /* no integrity algorithm required, we have an AEAD */
+ skip_integrity = TRUE;
+ }
+ }
+ else
+ {
+ if (selected)
+ {
+ DBG2(DBG_CFG, " no acceptable %N found", transform_type_names,
+ type);
+ }
+ array_destroy(types);
+ return FALSE;
+ }
}
- return found;
+ array_destroy(types);
+ return TRUE;
}
METHOD(proposal_t, select_proposal, proposal_t*,
@@ -425,9 +472,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
bool private)
{
proposal_t *selected;
- transform_type_t type;
- array_t *types;
- int i;
DBG2(DBG_CFG, "selecting proposal:");
@@ -448,23 +492,25 @@ METHOD(proposal_t, select_proposal, proposal_t*,
selected->set_spi(selected, this->spi);
}
- types = merge_types(this, (private_proposal_t*)other);
- for (i = 0; i < array_count(types); i++)
+ if (!select_algos(this, other, selected, private))
{
- array_get(types, i, &type);
- if (!select_algo(this, other, selected, type, private))
- {
- selected->destroy(selected);
- array_destroy(types);
- return NULL;
- }
+ selected->destroy(selected);
+ return NULL;
}
- array_destroy(types);
-
DBG2(DBG_CFG, " proposal matches");
return selected;
}
+METHOD(proposal_t, matches, bool,
+ private_proposal_t *this, proposal_t *other, bool private)
+{
+ if (this->protocol != other->get_protocol(other))
+ {
+ return FALSE;
+ }
+ return select_algos(this, other, NULL, private);
+}
+
METHOD(proposal_t, get_protocol, protocol_id_t,
private_proposal_t *this)
{
@@ -910,6 +956,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
.promote_dh_group = _promote_dh_group,
.strip_dh = _strip_dh,
.select = _select_proposal,
+ .matches = _matches,
.get_protocol = _get_protocol,
.set_spi = _set_spi,
.get_spi = _get_spi,
diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h
index 0052674b9..338324326 100644
--- a/src/libstrongswan/crypto/proposal/proposal.h
+++ b/src/libstrongswan/crypto/proposal/proposal.h
@@ -34,7 +34,6 @@ typedef struct proposal_t proposal_t;
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <crypto/diffie_hellman.h>
-#include <selectors/traffic_selector.h>
/**
* Protocol ID of a proposal.
@@ -144,6 +143,17 @@ struct proposal_t {
bool other_remote, bool private);
/**
+ * Check if the given proposal matches this proposal.
+ *
+ * This is similar to select, but no resulting proposal is selected.
+ *
+ * @param other proposal to compare against
+ * @param private accepts algorithms allocated in a private range
+ * @return TRUE if the proposals match
+ */
+ bool (*matches)(proposal_t *this, proposal_t *other, bool private);
+
+ /**
* Get the protocol ID of the proposal.
*
* @return protocol of the proposal
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 16dbf8d41..6f19cc751 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -43,6 +43,13 @@ ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO,
"auto",
);
+ENUM(dscp_copy_names, DSCP_COPY_OUT_ONLY, DSCP_COPY_NO,
+ "out",
+ "in",
+ "yes",
+ "no",
+);
+
/*
* See header
*/
@@ -62,7 +69,7 @@ bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
/*
* See header
*/
-bool mark_from_string(const char *value, mark_t *mark)
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark)
{
char *endptr;
@@ -72,6 +79,11 @@ bool mark_from_string(const char *value, mark_t *mark)
}
if (strcasepfx(value, "%unique"))
{
+ if (!(ops & MARK_OP_UNIQUE))
+ {
+ DBG1(DBG_APP, "unexpected use of %%unique mark", value);
+ return FALSE;
+ }
endptr = (char*)value + strlen("%unique");
if (strcasepfx(endptr, "-dir"))
{
@@ -88,6 +100,24 @@ bool mark_from_string(const char *value, mark_t *mark)
return FALSE;
}
}
+ else if (strcasepfx(value, "%same"))
+ {
+ if (!(ops & MARK_OP_SAME))
+ {
+ DBG1(DBG_APP, "unexpected use of %%same mark", value);
+ return FALSE;
+ }
+ endptr = (char*)value + strlen("%same");
+ if (!*endptr || *endptr == '/')
+ {
+ mark->value = MARK_SAME;
+ }
+ else
+ {
+ DBG1(DBG_APP, "invalid mark value: %s", value);
+ return FALSE;
+ }
+ }
else
{
mark->value = strtoul(value, &endptr, 0);
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 4e6e2d9dc..7b7bd3743 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -27,6 +27,8 @@ typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef enum hw_offload_t hw_offload_t;
+typedef enum dscp_copy_t dscp_copy_t;
+typedef enum mark_op_t mark_op_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;
@@ -132,6 +134,22 @@ enum hw_offload_t {
extern enum_name_t *hw_offload_names;
/**
+ * DSCP header field copy behavior (the default is not to copy from outer
+ * to inner header)
+ */
+enum dscp_copy_t {
+ DSCP_COPY_OUT_ONLY,
+ DSCP_COPY_IN_ONLY,
+ DSCP_COPY_YES,
+ DSCP_COPY_NO,
+};
+
+/**
+ * enum strings for dscp_copy_t.
+ */
+extern enum_name_t *dscp_copy_names;
+
+/**
* This struct contains details about IPsec SA(s) tied to a policy.
*/
struct ipsec_sa_cfg_t {
@@ -197,15 +215,29 @@ struct mark_t {
*/
#define MARK_UNIQUE (0xFFFFFFFF)
#define MARK_UNIQUE_DIR (0xFFFFFFFE)
+#define MARK_SAME (0xFFFFFFFF)
#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR)
/**
+ * Special mark operations to accept when parsing marks.
+ */
+enum mark_op_t {
+ /** none of the following */
+ MARK_OP_NONE = 0,
+ /** %unique and %unique-dir */
+ MARK_OP_UNIQUE = (1<<0),
+ /** %same */
+ MARK_OP_SAME = (1<<1),
+};
+
+/**
* Try to parse a mark_t from the given string of the form mark[/mask].
*
* @param value string to parse
+ * @param ops operations to accept
* @param mark mark to fill
* @return TRUE if parsing was successful
*/
-bool mark_from_string(const char *value, mark_t *mark);
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark);
#endif /** IPSEC_TYPES_H_ @}*/
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 86b275dad..ad5d9ab36 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -54,7 +54,7 @@ struct private_library_t {
/**
* Integrity check failed?
*/
- bool integrity_failed;
+ bool init_failed;
#ifdef LEAK_DETECTIVE
/**
@@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
{ /* already initialized, increase refcount */
this = (private_library_t*)lib;
ref_get(&this->ref);
- return !this->integrity_failed;
+ return !this->init_failed;
}
chunk_hash_seed();
@@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
- this->public.settings = settings_create(this->public.conf);
+ this->public.settings = settings_create(NULL);
+ if (!this->public.settings->load_files(this->public.settings,
+ this->public.conf, FALSE))
+ {
+ DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+ this->init_failed = TRUE;
+ }
+
/* add registered aliases */
for (i = 0; i < ns_count; ++i)
{
@@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
{
DBG1(DBG_LIB, "integrity check of libstrongswan failed");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
}
#else /* !INTEGRITY_TEST */
DBG1(DBG_LIB, "integrity test enabled, but not supported");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
#endif /* INTEGRITY_TEST */
}
diffie_hellman_init();
- return !this->integrity_failed;
+ return !this->init_failed;
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 53f371c51..6409d3cae 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -258,11 +258,12 @@ struct library_t {
*
* The settings and namespace arguments are only used on the first call.
*
- * @param settings file to read settings from, may be NULL for default
+ * @param settings file to read settings from, may be NULL for default or
+ * "" to not load any settings
* @param namespace name of the binary that uses the library, determines
* the first section name when reading config options.
* Defaults to libstrongswan if NULL.
- * @return FALSE if integrity check failed
+ * @return FALSE if integrity check failed or settings are invalid
*/
bool library_init(char *settings, const char *namespace);
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
index 02175a926..da58b25ae 100644
--- a/src/libstrongswan/math/libnttfft/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -304,7 +304,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -330,6 +329,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -350,8 +351,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -406,8 +405,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -436,8 +433,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
index 8d0e02bb6..9888a8c89 100644
--- a/src/libstrongswan/math/libnttfft/tests/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index a9b71d6fd..ef967e817 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -59,13 +59,27 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
return NULL;
}
umask(old);
- /* only attempt to chown() socket if we have CAP_CHOWN */
- if (lib->caps->check(lib->caps, CAP_CHOWN) &&
- chown(addr.sun_path, lib->caps->get_uid(lib->caps),
- lib->caps->get_gid(lib->caps)) != 0)
+ /* Only attempt to change owner of socket if we have CAP_CHOWN. Otherwise,
+ * attempt to change group of socket to group under which charon runs after
+ * dropping caps. This requires the user that charon starts as to:
+ * a) Have write access to the socket dir.
+ * b) Belong to the group that charon will run under after dropping caps. */
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
{
- DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s",
- uri, strerror(errno));
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket owner/group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
+ }
+ else
+ {
+ if (chown(addr.sun_path, -1, lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
}
if (listen(fd, backlog) < 0)
{
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 36067a3ff..40282553f 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index d3817e12a..495b4598e 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index fdcfc099e..db0ed83b2 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 6b4a7fe5f..eb8a4132e 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 12a44870c..8f4122a0e 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index b98d367f1..ab7117a9b 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -335,7 +335,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -361,6 +360,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -381,8 +382,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -437,8 +436,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -467,8 +464,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 015f40a00..bda5fd160 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 2f122b5a8..31b1fd38d 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/botan/Makefile.am b/src/libstrongswan/plugins/botan/Makefile.am
new file mode 100644
index 000000000..c1160145a
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/Makefile.am
@@ -0,0 +1,32 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-botan.la
+else
+plugin_LTLIBRARIES = libstrongswan-botan.la
+endif
+
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libstrongswan/plugins/botan/Makefile.in
index faccb683e..533ba8340 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libstrongswan/plugins/botan/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
-subdir = src/libimcv/plugins/imv_swid
+subdir = src/libstrongswan/plugins/botan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/ltoptions.m4 \
@@ -134,22 +134,28 @@ am__uninstall_files_from_dir = { \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
-am__installdirs = "$(DESTDIR)$(imcvdir)"
-LTLIBRARIES = $(imcv_LTLIBRARIES)
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
-imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(am__DEPENDENCIES_1)
-am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \
- imv_swid_agent.lo
-imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS)
+libstrongswan_botan_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_libstrongswan_botan_la_OBJECTS = botan_plugin.lo botan_rng.lo \
+ botan_hasher.lo botan_hmac.lo botan_crypter.lo \
+ botan_rsa_public_key.lo botan_rsa_private_key.lo \
+ botan_diffie_hellman.lo botan_ec_diffie_hellman.lo \
+ botan_ec_public_key.lo botan_ec_private_key.lo botan_util.lo \
+ botan_util_keys.lo botan_gcm.lo botan_x25519.lo
+libstrongswan_botan_la_OBJECTS = $(am_libstrongswan_botan_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@
+libstrongswan_botan_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_botan_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_botan_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_botan_la_rpath =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -184,8 +190,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = $(imv_swid_la_SOURCES)
-DIST_SOURCES = $(imv_swid_la_SOURCES)
+SOURCES = $(libstrongswan_botan_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_botan_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -311,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,33 +446,45 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libtpmtss \
- -I$(top_srcdir)/src/libimcv
+ -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = \
- $(PLUGIN_CFLAGS) $(json_CFLAGS)
-
-imcv_LTLIBRARIES = imv-swid.la
-imv_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la \
- $(json_LIBS)
-
-imv_swid_la_SOURCES = \
- imv_swid.c imv_swid_state.h imv_swid_state.c \
- imv_swid_agent.h imv_swid_agent.c
-
-imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-botan.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-botan.la
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
all: all-am
.SUFFIXES:
@@ -483,9 +498,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile'; \
$(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
@@ -504,33 +519,44 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
-install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES)
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
@$(NORMAL_INSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
list2=; for p in $$list; do \
if test -f $$p; then \
list2="$$list2 $$p"; \
else :; fi; \
done; \
test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
}
-uninstall-imcvLTLIBRARIES:
+uninstall-pluginLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
for p in $$list; do \
$(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
done
-clean-imcvLTLIBRARIES:
- -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES)
- @list='$(imcv_LTLIBRARIES)'; \
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
@@ -539,8 +565,8 @@ clean-imcvLTLIBRARIES:
rm -f $${locs}; \
}
-imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES)
- $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS)
+libstrongswan-botan.la: $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_DEPENDENCIES) $(EXTRA_libstrongswan_botan_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_botan_la_LINK) $(am_libstrongswan_botan_la_rpath) $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -548,9 +574,21 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_gcm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rng.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util_keys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_x25519.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@@ -668,7 +706,7 @@ check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
- for dir in "$(DESTDIR)$(imcvdir)"; do \
+ for dir in "$(DESTDIR)$(plugindir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
@@ -703,8 +741,8 @@ maintainer-clean-generic:
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
-clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \
- mostlyclean-am
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
@@ -724,7 +762,7 @@ info: info-am
info-am:
-install-data-am: install-imcvLTLIBRARIES
+install-data-am: install-pluginLTLIBRARIES
install-dvi: install-dvi-am
@@ -770,24 +808,24 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-imcvLTLIBRARIES
+uninstall-am: uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \
- ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am \
- install-imcvLTLIBRARIES install-info install-info-am \
- install-man install-pdf install-pdf-am install-ps \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
- uninstall-am uninstall-imcvLTLIBRARIES
+ uninstall-am uninstall-pluginLTLIBRARIES
.PRECIOUS: Makefile
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.c b/src/libstrongswan/plugins/botan/botan_crypter.c
new file mode 100644
index 000000000..002be6ea8
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Copyright (C) 2018 Tobias Hommel
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_crypter.h"
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_crypter_t private_botan_crypter_t;
+
+/**
+ * Private data of botan_crypter_t
+ */
+struct private_botan_crypter_t {
+
+ /**
+ * Public part of this class
+ */
+ botan_crypter_t public;
+
+ /**
+ * The key
+ */
+ chunk_t key;
+
+ /**
+ * The cipher name
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_botan_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *dst, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ size_t output_written = 0;
+ size_t input_consumed = 0;
+ uint8_t *in, *out;
+ bool success = FALSE;
+
+ in = data.ptr;
+ if (dst)
+ {
+ *dst = chunk_alloc(data.len);
+ out = dst->ptr;
+ }
+ else
+ {
+ out = data.ptr;
+ }
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (!botan_cipher_set_key(cipher, this->key.ptr, this->key.len) &&
+ !botan_cipher_start(cipher, iv.ptr, iv.len) &&
+ !botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, out,
+ data.len, &output_written, in, data.len,
+ &input_consumed) &&
+ (output_written == input_consumed))
+ {
+ success = TRUE;
+ }
+
+ botan_cipher_destroy(cipher);
+ return success;
+}
+
+METHOD(crypter_t, decrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+
+METHOD(crypter_t, encrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return this->key.len;
+}
+
+METHOD(crypter_t, set_key, bool,
+ private_botan_crypter_t *this, chunk_t key)
+{
+ memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+ return TRUE;
+}
+
+METHOD(crypter_t, destroy, void,
+ private_botan_crypter_t *this)
+{
+ chunk_clear(&this->key);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_botan_crypter_t *this;
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ switch (algo)
+ {
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 16:
+ /* AES 128 */
+ this->cipher_name = "AES-128/CBC/NoPadding";
+ break;
+ case 24:
+ /* AES-192 */
+ this->cipher_name = "AES-192/CBC/NoPadding";
+ break;
+ case 32:
+ /* AES-256 */
+ this->cipher_name = "AES-256/CBC/NoPadding";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.h b/src/libstrongswan/plugins/botan/botan_crypter.h
new file mode 100644
index 000000000..246904a5f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_crypter botan_crypter
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_CRYPTER_H_
+#define BOTAN_CRYPTER_H_
+
+typedef struct botan_crypter_t botan_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Implementation of crypters using Botan.
+ */
+struct botan_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Constructor to create botan_crypter_t.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @return botan_crypter_t, NULL if not supported
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** BOTAN_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
new file mode 100644
index 000000000..a55711d1b
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_diffie_hellman_t private_botan_diffie_hellman_t;
+
+/**
+ * Private data of an botan_diffie_hellman_t object.
+ */
+struct private_botan_diffie_hellman_t {
+
+ /**
+ * Public botan_diffie_hellman_t interface
+ */
+ botan_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group number
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t dh_key;
+
+ /**
+ * Diffie hellman shared secret
+ */
+ chunk_t shared_secret;
+
+ /**
+ * Generator value
+ */
+ botan_mp_t g;
+
+ /**
+ * Modulus
+ */
+ botan_mp_t p;
+};
+
+/**
+ * Load a DH private key
+ */
+bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t xa;
+
+ if (!chunk_to_botan_mp(value, &xa))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->dh_key) ||
+ botan_privkey_load_dh(&this->dh_key, this->p, this->g, xa))
+ {
+ botan_mp_destroy(xa);
+ return FALSE;
+ }
+ botan_mp_destroy(xa);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *value)
+{
+ *value = chunk_empty;
+
+ /* get key size of public key first */
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, value->ptr,
+ &value->len))
+ {
+ chunk_clear(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ chunk_clear(&this->shared_secret);
+ return load_private_key(this, value);
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_diffie_hellman_t *this)
+{
+ botan_mp_destroy(this->p);
+ botan_mp_destroy(this->g);
+ botan_privkey_destroy(this->dh_key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Generic internal constructor
+ */
+static botan_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p, size_t exp_len)
+{
+ private_botan_diffie_hellman_t *this;
+ chunk_t random;
+ rng_t *rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ if (!chunk_to_botan_mp(p, &this->p))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(g, &this->g))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng || !rng->allocate_bytes(rng, exp_len, &random))
+ {
+ DESTROY_IF(rng);
+ destroy(this);
+ return NULL;
+ }
+ rng->destroy(rng);
+
+ if (!load_private_key(this, random))
+ {
+ chunk_clear(&random);
+ destroy(this);
+ return NULL;
+ }
+ chunk_clear(&random);
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...)
+{
+ diffie_hellman_params_t *params;
+ chunk_t g, p;
+
+ if (group == MODP_CUSTOM)
+ {
+ VA_ARGS_GET(group, g, p);
+ return create_generic(group, g, p, p.len);
+ }
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->generator, params->prime,
+ params->exp_len);
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
new file mode 100644
index 000000000..84408229f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_diffie_hellman botan_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_DIFFIE_HELLMAN_H_
+#define BOTAN_DIFFIE_HELLMAN_H_
+
+typedef struct botan_diffie_hellman_t botan_diffie_hellman_t;
+
+#include <crypto/diffie_hellman.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm using Botan.
+ */
+struct botan_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_diffie_hellman_t object.
+ *
+ * @param group Diffie Hellman group number to use
+ * @param ... expects generator and prime as chunk_t if MODP_CUSTOM
+ * @return botan_diffie_hellman_t object,
+ * NULL if not supported
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...);
+
+#endif /** BOTAN_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
new file mode 100644
index 000000000..ed28b4639
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDH
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_diffie_hellman_t private_botan_ec_diffie_hellman_t;
+
+/**
+ * Private data of a botan_ec_diffie_hellman_t object.
+ */
+struct private_botan_ec_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * EC curve name
+ */
+ const char* curve_name;
+
+ /**
+ * EC private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ /* prepend 0x04 to indicate uncompressed point format */
+ value = chunk_cata("cc", chunk_from_chars(0x04), value);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *value)
+{
+ chunk_t pkey = chunk_empty;
+
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &pkey.len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ pkey = chunk_alloca(pkey.len);
+ if (botan_pk_op_key_agreement_export_public(this->key, pkey.ptr, &pkey.len))
+ {
+ return FALSE;
+ }
+
+ /* skip 0x04 byte prepended by botan */
+ *value = chunk_clone(chunk_skip(pkey, 1));
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t scalar;
+
+ chunk_clear(&this->shared_secret);
+
+ if (!chunk_to_botan_mp(value, &scalar))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->key))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ if (botan_privkey_load_ecdh(&this->key, scalar, this->curve_name))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ botan_mp_destroy(scalar);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group)
+{
+ private_botan_ec_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ switch (group)
+ {
+ case ECP_256_BIT:
+ this->curve_name = "secp256r1";
+ break;
+ case ECP_384_BIT:
+ this->curve_name = "secp384r1";
+ break;
+ case ECP_521_BIT:
+ this->curve_name = "secp521r1";
+ break;
+ case ECP_256_BP:
+ this->curve_name = "brainpool256r1";
+ break;
+ case ECP_384_BP:
+ this->curve_name = "brainpool384r1";
+ break;
+ case ECP_512_BP:
+ this->curve_name = "brainpool512r1";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, this->curve_name))
+ {
+ DBG1(DBG_LIB, "ECDH private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
new file mode 100644
index 000000000..0ba832ed3
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_diffie_hellman botan_ec_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_DIFFIE_HELLMAN_H_
+#define BOTAN_EC_DIFFIE_HELLMAN_H_
+
+typedef struct botan_ec_diffie_hellman_t botan_ec_diffie_hellman_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the EC Diffie-Hellman algorithm using Botan.
+ */
+struct botan_ec_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_ec_diffie_hellman_t object.
+ *
+ * @param group EC Diffie Hellman group number to use
+ * @return botan_ec_diffie_hellman_t object, NULL if not supported
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group);
+
+#endif /** BOTAN_EC_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.c b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
new file mode 100644
index 000000000..f8dbb66d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "botan_ec_private_key.h"
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_private_key_t private_botan_ec_private_key_t;
+
+/**
+ * Private data of a botan_ec_private_key_t object.
+ */
+struct private_botan_ec_private_key_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_private_key_t public;
+
+ /**
+ * Botan ec private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * OID of the curve
+ */
+ int oid;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Build a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool build_signature(botan_privkey_t key, const char *hash_and_padding,
+ int signature_format, chunk_t data,
+ chunk_t *signature)
+{
+ if (!botan_get_signature(key, hash_and_padding, data, signature))
+ {
+ return FALSE;
+ }
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /* format as ASN.1 sequence of two integers r,s */
+ chunk_t r = chunk_empty, s = chunk_empty;
+
+ chunk_split(*signature, "aa", signature->len / 2, &r,
+ signature->len / 2, &s);
+
+ chunk_free(signature);
+ *signature = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", r),
+ asn1_integer("m", s));
+ }
+ return TRUE;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_ec_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ return build_signature(this->key, "Raw",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ return build_signature(this->key, "EMSA1(SHA-1)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_384:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_521:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_ec_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC private key decryption not implemented");
+ return FALSE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_ec_private_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_ec_private_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_ec_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_ec_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_ec_private_key_t *create_empty(int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .oid = oid,
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key, int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ this = create_empty(oid);
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+ int oid;
+ const char *curve;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ switch (key_size)
+ {
+ case 256:
+ curve = "secp256r1";
+ oid = OID_PRIME256V1;
+ break;
+ case 384:
+ curve = "secp384r1";
+ oid = OID_SECT384R1;
+ break;
+ case 521:
+ curve = "secp521r1";
+ oid = OID_SECT521R1;
+ break;
+ default:
+ DBG1(DBG_LIB, "EC private key size %d not supported via botan",
+ key_size);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty(oid);
+
+ if (botan_privkey_create_ecdsa(&this->key, rng, curve))
+ {
+ DBG1(DBG_LIB, "EC private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ chunk_t params = chunk_empty, key = chunk_empty;
+ chunk_t alg_id = chunk_empty, pkcs8 = chunk_empty;
+ botan_rng_t rng;
+ int oid = OID_UNKNOWN;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ALGID_PARAMS:
+ params = va_arg(args, chunk_t);
+ continue;
+ case BUILD_BLOB_ASN1_DER:
+ key = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ /*
+ * Botan expects a PKCS#8 private key, so we build one, if necessary.
+ * RFC 5480 mandates ECParameters as part of the algorithmIdentifier, which
+ * we should get from e.g. the pkcs8 plugin.
+ */
+ if (params.len != 0 && type == KEY_ECDSA)
+ {
+ /* if ECParameters is passed, just use it */
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ chunk_clone(params));
+ if (asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ }
+ else
+ {
+ /*
+ * no explicit ECParameters passed, try to extract them from the
+ * ECPrivateKey structure and create an algorithmIdentifier
+ */
+ chunk_t unwrap = key, inner;
+
+ if (asn1_unwrap(&unwrap, &unwrap) == ASN1_SEQUENCE &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 1 &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_OCTET_STRING &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_CONTEXT_C_0 &&
+ asn1_unwrap(&inner, &inner) == ASN1_OID)
+ {
+ oid = asn1_known_oid(inner);
+ if (oid != OID_UNKNOWN)
+ {
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ asn1_simple_object(ASN1_OID, inner));
+ }
+ }
+ }
+
+ if (oid == OID_UNKNOWN)
+ {
+ chunk_free(&alg_id);
+ return NULL;
+ }
+
+ pkcs8 = asn1_wrap(ASN1_SEQUENCE, "mms",
+ asn1_integer("c", chunk_from_chars(0x00)),
+ alg_id,
+ asn1_wrap(ASN1_OCTET_STRING, "c", key));
+
+ this = create_empty(oid);
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ chunk_clear(&pkcs8);
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_load(&this->key, rng, pkcs8.ptr, pkcs8.len, NULL))
+ {
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.h b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
new file mode 100644
index 000000000..2b9686ceb
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_private_key botan_ec_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_PRIVATE_KEY_H_
+#define BOTAN_EC_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_ec_private_key_t botan_ec_private_key_t;
+
+/**
+ * private_key_t implementation of ECDSA using Botan.
+ */
+struct botan_ec_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a ECDSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a ECDSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a ECDSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @param oid EC curve OID
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key,
+ int oid);
+
+#endif /** BOTAN_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
new file mode 100644
index 000000000..4c85dbcec
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_public_key_t private_botan_ec_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_ec_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_ec_public_key_t public;
+
+ /**
+ * Botan ec public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Verification of a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool verify_signature(private_botan_ec_public_key_t *this,
+ const char* hash_and_padding, int signature_format, size_t keylen,
+ chunk_t data, chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ chunk_t sig = signature;
+ bool valid = FALSE;
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /*
+ * botan requires a signature in IEEE 1363 format (r||s)
+ * re-encode from ASN.1 sequence of two integers r,s
+ */
+ chunk_t parse = signature, r, s;
+
+ if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE ||
+ asn1_unwrap(&parse, &r) != ASN1_INTEGER ||
+ asn1_unwrap(&parse, &s) != ASN1_INTEGER)
+ {
+ return FALSE;
+ }
+
+ r = chunk_skip_zero(r);
+ s = chunk_skip_zero(s);
+
+ /*
+ * r and s must be of size m_order.bytes()/2 each
+ */
+ if (r.len > keylen || s.len > keylen)
+ {
+ return FALSE;
+ }
+
+ sig = chunk_alloca(2 * keylen);
+ memset(sig.ptr, 0, sig.len);
+ memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
+ memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
+ }
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_ec_public_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_ec_public_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_ec_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ size_t keylen = (get_keysize(this) + 7) / 8;
+ const char *hash_and_padding;
+ int sig_format;
+
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ hash_and_padding = "Raw";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ hash_and_padding = "EMSA1(SHA-1)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_384:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_521:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+
+ return verify_signature(this, hash_and_padding,
+ sig_format, keylen, data, signature);
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_ec_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC public key encryption not implemented");
+ return FALSE;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ return botan_get_fingerprint(this->key, this, type, fingerprint);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_ec_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_ec_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/*
+ * Described in header
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_ec_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .get_keysize = _get_keysize,
+ .equals = public_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .key = key,
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.h b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
new file mode 100644
index 000000000..ddb3d5b04
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef BOTAN_EC_PUBLIC_KEY_H_
+#define BOTAN_EC_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_ec_public_key_t botan_ec_public_key_t;
+
+/**
+ * public_key_t implementation of ECDSA using botan.
+ */
+struct botan_ec_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a ECDSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.c b/src/libstrongswan/plugins/botan/botan_gcm.c
new file mode 100644
index 000000000..7e0fc1468
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.c
@@ -0,0 +1,333 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_gcm.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_AES
+#ifdef BOTAN_HAS_AEAD_GCM
+
+#include <crypto/iv/iv_gen_seq.h>
+
+#include <botan/ffi.h>
+
+/**
+ * as defined in RFC 4106
+ */
+#define IV_LEN 8
+#define SALT_LEN 4
+#define NONCE_LEN (IV_LEN + SALT_LEN)
+
+typedef struct private_aead_t private_aead_t;
+
+struct private_aead_t {
+
+ /**
+ * Public interface
+ */
+ aead_t public;
+
+ /**
+ * The encryption key
+ */
+ chunk_t key;
+
+ /**
+ * Salt value
+ */
+ char salt[SALT_LEN];
+
+ /**
+ * Size of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * IV generator
+ */
+ iv_gen_t *iv_gen;
+
+ /**
+ * The cipher to use
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
+ u_char *out, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ uint8_t nonce[NONCE_LEN];
+ size_t output_written = 0, input_consumed = 0;
+
+ memcpy(nonce, this->salt, SALT_LEN);
+ memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN);
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (botan_cipher_set_key(cipher, this->key.ptr, this->key.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (assoc.len &&
+ botan_cipher_set_associated_data(cipher, assoc.ptr, assoc.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (botan_cipher_start(cipher, nonce, NONCE_LEN))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (init_flag == BOTAN_CIPHER_INIT_FLAG_ENCRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len + this->icv_size, &output_written,
+ data.ptr, data.len, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+ else if (init_flag == BOTAN_CIPHER_INIT_FLAG_DECRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len, &output_written, data.ptr,
+ data.len + this->icv_size, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+
+ botan_cipher_destroy(cipher);
+
+ return TRUE;
+}
+
+METHOD(aead_t, encrypt, bool,
+ private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ u_char *out;
+
+ out = plain.ptr;
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ out = encrypted->ptr;
+ }
+ return crypt(this, plain, assoc, iv, out, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ u_char *out;
+
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+ encrypted.len -= this->icv_size;
+
+ out = encrypted.ptr;
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ out = plain->ptr;
+ }
+ return crypt(this, encrypted, assoc, iv, out,
+ BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_aead_t *this)
+{
+ return IV_LEN;
+}
+
+METHOD(aead_t, get_iv_gen, iv_gen_t*,
+ private_aead_t *this)
+{
+ return this->iv_gen;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_aead_t *this)
+{
+ return this->key.len + SALT_LEN;
+}
+
+METHOD(aead_t, set_key, bool,
+ private_aead_t *this, chunk_t key)
+{
+ if (key.len != get_key_size(this))
+ {
+ return FALSE;
+ }
+ memcpy(this->salt, key.ptr + key.len - SALT_LEN, SALT_LEN);
+ memcpy(this->key.ptr, key.ptr, this->key.len);
+ return TRUE;
+}
+
+METHOD(aead_t, destroy, void,
+ private_aead_t *this)
+{
+ chunk_clear(&this->key);
+ this->iv_gen->destroy(this->iv_gen);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size)
+{
+ private_aead_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_iv_gen = _get_iv_gen,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
+
+ if (salt_size && salt_size != SALT_LEN)
+ {
+ /* currently not supported */
+ free(this);
+ return NULL;
+ }
+
+ switch (algo)
+ {
+ case ENCR_AES_GCM_ICV8:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(8)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(8)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(8)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 8;
+ break;
+ case ENCR_AES_GCM_ICV12:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(12)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(12)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(12)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 12;
+ break;
+ case ENCR_AES_GCM_ICV16:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 16;
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ this->iv_gen = iv_gen_seq_create();
+
+ return &this->public;
+}
+
+#endif
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.h b/src/libstrongswan/plugins/botan/botan_gcm.h
new file mode 100644
index 000000000..b2053cb4d
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements the aead_t interface using Botan in GCM mode.
+ *
+ * @defgroup botan_gcm botan_gcm
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_GCM_H_
+#define BOTAN_GCM_H_
+
+#include <crypto/aead.h>
+
+/**
+ * Constructor to create aead_t implementation.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @param salt_size size of implicit salt length
+ * @return aead_t object, NULL if not supported
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size);
+
+#endif /** BOTAN_GCM_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.c b/src/libstrongswan/plugins/botan/botan_hasher.c
new file mode 100644
index 000000000..d574db0dc
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hasher.h"
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_hasher_t private_botan_hasher_t;
+
+/**
+ * Private data of botan_hasher_t
+ */
+struct private_botan_hasher_t {
+
+ /**
+ * Public part of this class.
+ */
+ botan_hasher_t public;
+
+ /**
+ * botan hash instance
+ */
+ botan_hash_t hash;
+};
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_botan_hasher_t *this)
+{
+ size_t len = 0;
+
+ if (botan_hash_output_length(this->hash, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(hasher_t, reset, bool,
+ private_botan_hasher_t *this)
+{
+ if (botan_hash_clear(this->hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, get_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, uint8_t *hash)
+{
+ if (botan_hash_update(this->hash, chunk.ptr, chunk.len))
+ {
+ return FALSE;
+ }
+
+ if (hash && botan_hash_final(this->hash, hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, allocate_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(get_hash_size(this));
+ return get_hash(this, chunk, hash->ptr);
+ }
+ return get_hash(this, chunk, NULL);
+}
+
+METHOD(hasher_t, destroy, void,
+ private_botan_hasher_t *this)
+{
+ botan_hash_destroy(this->hash);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo)
+{
+ private_botan_hasher_t *this;
+ const char* hash_name;
+
+ hash_name = botan_get_hash(algo);
+ if (!hash_name)
+ {
+ return FALSE;
+ }
+
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ if (botan_hash_init(&this->hash, hash_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.h b/src/libstrongswan/plugins/botan/botan_hasher.h
new file mode 100644
index 000000000..164f63711
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_hasher botan_hasher
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HASHER_H_
+#define BOTAN_HASHER_H_
+
+typedef struct botan_hasher_t botan_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hashers using botan.
+ */
+struct botan_hasher_t {
+
+ /**
+ * The hasher_t interface.
+ */
+ hasher_t hasher;
+};
+
+/**
+ * Constructor to create botan_hasher_t.
+ *
+ * @param algo algorithm
+ * @return botan_hasher_t, NULL if not supported
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo);
+
+#endif /** BOTAN_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.c b/src/libstrongswan/plugins/botan/botan_hmac.c
new file mode 100644
index 000000000..367d27f24
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hmac.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC
+
+#include <crypto/mac.h>
+#include <crypto/prfs/mac_prf.h>
+#include <crypto/signers/mac_signer.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_mac_t private_botan_mac_t;
+
+/**
+ * Private data of a mac_t object.
+ */
+struct private_botan_mac_t {
+
+ /**
+ * Public interface
+ */
+ mac_t public;
+
+ /**
+ * HMAC
+ */
+ botan_mac_t hmac;
+};
+
+METHOD(mac_t, set_key, bool,
+ private_botan_mac_t *this, chunk_t key)
+{
+ if (botan_mac_set_key(this->hmac, key.ptr, key.len))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac, bool,
+ private_botan_mac_t *this, chunk_t data, uint8_t *out)
+{
+ if (botan_mac_update(this->hmac, data.ptr, data.len))
+ {
+ return FALSE;
+ }
+
+ if (out && botan_mac_final(this->hmac, out))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac_size, size_t,
+ private_botan_mac_t *this)
+{
+ size_t len = 0;
+
+ if (botan_mac_output_length(this->hmac, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(mac_t, destroy, void,
+ private_botan_mac_t *this)
+{
+ botan_mac_destroy(this->hmac);
+ free(this);
+}
+
+/*
+ * Create a Botan-backed implementation of the mac_t interface
+ */
+static mac_t *hmac_create(hash_algorithm_t algo)
+{
+ private_botan_mac_t *this;
+ const char* hmac_name;
+
+ switch (algo)
+ {
+ case HASH_SHA1:
+ hmac_name = "HMAC(SHA-1)";
+ break;
+ case HASH_SHA256:
+ hmac_name = "HMAC(SHA-256)";
+ break;
+ case HASH_SHA384:
+ hmac_name = "HMAC(SHA-384)";
+ break;
+ case HASH_SHA512:
+ hmac_name = "HMAC(SHA-512)";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_mac_size = _get_mac_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ }
+ );
+
+ if (botan_mac_init(&this->hmac, hmac_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo)
+{
+ mac_t *hmac;
+
+ hmac = hmac_create(hasher_algorithm_from_prf(algo));
+ if (hmac)
+ {
+ return mac_prf_create(hmac);
+ }
+ return NULL;
+}
+
+/*
+ * Described in header
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo)
+{
+ mac_t *hmac;
+ size_t trunc;
+
+ hmac = hmac_create(hasher_algorithm_from_integrity(algo, &trunc));
+ if (hmac)
+ {
+ return mac_signer_create(hmac, trunc);
+ }
+ return NULL;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.h b/src/libstrongswan/plugins/botan/botan_hmac.h
new file mode 100644
index 000000000..1deeea961
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements HMAC based PRF and signer using Botan's HMAC functions.
+ *
+ * @defgroup botan_hmac botan_hmac
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HMAC_H_
+#define BOTAN_HMAC_H_
+
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
+
+/**
+ * Creates a new prf_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return prf_t object, NULL if not supported
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo);
+
+/**
+ * Creates a new signer_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return signer_t, NULL if not supported
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** BOTAN_HMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.c b/src/libstrongswan/plugins/botan/botan_plugin.c
new file mode 100644
index 000000000..fd8e5f5a6
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_plugin.h"
+#include "botan_rng.h"
+#include "botan_hasher.h"
+#include "botan_crypter.h"
+#include "botan_diffie_hellman.h"
+#include "botan_hmac.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+#include "botan_ec_diffie_hellman.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_gcm.h"
+#include "botan_util_keys.h"
+#include "botan_x25519.h"
+
+#include <library.h>
+
+#include <botan/build.h>
+#include <botan/ffi.h>
+
+typedef struct private_botan_plugin_t private_botan_plugin_t;
+
+/**
+ * private data of botan_plugin
+ */
+struct private_botan_plugin_t {
+
+ /**
+ * public functions
+ */
+ botan_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_botan_plugin_t *this)
+{
+ return "botan";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_botan_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, botan_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+#endif
+#ifdef BOTAN_HAS_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
+#endif
+#ifdef BOTAN_HAS_X25519
+ PLUGIN_REGISTER(DH, botan_x25519_create),
+ PLUGIN_PROVIDE(DH, CURVE_25519),
+#endif
+
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, botan_crypter_create),
+#ifdef BOTAN_HAS_AES
+ #ifdef BOTAN_HAS_MODE_CBC
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ #endif
+ #ifdef BOTAN_HAS_AEAD_GCM
+ /* AES GCM */
+ PLUGIN_REGISTER(AEAD, botan_gcm_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ #endif
+#endif
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, botan_hasher_create),
+#ifdef BOTAN_HAS_MD5
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+#endif
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+#endif
+ /* prfs */
+#ifdef BOTAN_HAS_HMAC
+ PLUGIN_REGISTER(PRF, botan_hmac_prf_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
+#endif
+ /* signer */
+ PLUGIN_REGISTER(SIGNER, botan_hmac_signer_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+#endif
+#endif /* BOTAN_HAS_HMAC */
+
+ /* generic key loaders */
+#if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA)
+ PLUGIN_REGISTER(PUBKEY, botan_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+#endif
+ PLUGIN_REGISTER(PRIVKEY, botan_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+#endif
+#endif
+ /* RSA */
+#ifdef BOTAN_HAS_RSA
+ /* public/private key loading/generation */
+ PLUGIN_REGISTER(PUBKEY, botan_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, botan_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* encryption/signature schemes */
+#ifdef BOTAN_HAS_EMSA_PKCS1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+#endif
+#endif
+#ifdef BOTAN_HAS_EMSA_PSSR
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+#ifdef BOTAN_HAS_EME_OAEP
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
+#endif
+#endif
+#endif /* BOTAN_HAS_RSA */
+
+#ifdef BOTAN_HAS_ECDSA
+ /* EC private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, botan_ec_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_ec_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
+#ifdef BOTAN_HAS_EMSA_RAW
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
+#endif
+#ifdef BOTAN_HAS_EMSA1
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
+#endif
+#ifndef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
+#endif
+#endif /* BOTAN_HAS_EMSA1 */
+#endif /* BOTAN_HAS_ECDSA */
+
+ /* random numbers */
+#if BOTAN_HAS_SYSTEM_RNG
+#if BOTAN_HAS_HMAC_DRBG
+ PLUGIN_REGISTER(RNG, botan_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_WEAK),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE)
+#endif
+#endif
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_botan_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+plugin_t *botan_plugin_create()
+{
+ private_botan_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.h b/src/libstrongswan/plugins/botan/botan_plugin.h
new file mode 100644
index 000000000..fdb08a90e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_p botan
+ * @ingroup plugins
+ *
+ * @defgroup botan_plugin botan_plugin
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_PLUGIN_H_
+#define BOTAN_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct botan_plugin_t botan_plugin_t;
+
+/**
+ * Plugin implementing crypto functions using Botan.
+ */
+struct botan_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** BOTAN_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_rng.c b/src/libstrongswan/plugins/botan/botan_rng.c
new file mode 100644
index 000000000..c49225c3c
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rng.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC_DRBG
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_random_t private_botan_random_t;
+
+/**
+ * Private data of an botan_rng_t object.
+ */
+struct private_botan_random_t {
+
+ /**
+ * Public botan_rnd_t interface.
+ */
+ botan_random_t public;
+
+ /**
+ * RNG quality of this instance
+ */
+ rng_quality_t quality;
+
+ /**
+ * RNG instance
+ */
+ botan_rng_t rng;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_botan_random_t *this, size_t bytes, uint8_t *buffer)
+{
+ return botan_rng_get(this->rng, buffer, bytes) == 0;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_botan_random_t *this, size_t bytes, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ if (!get_bytes(this, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_botan_random_t *this)
+{
+ botan_rng_destroy(this->rng);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality)
+{
+ private_botan_random_t *this;
+ const char* rng_name;
+
+ switch (quality)
+ {
+ case RNG_WEAK:
+ case RNG_STRONG:
+ /* some rng_t instances of this class (e.g. in the ike-sa-manager)
+ * may be called concurrently by different threads. the Botan RNGs
+ * are not reentrant, by default, so use the threadsafe version.
+ * because we build without threading support when running tests
+ * with leak-detective (lots of reports of frees of unknown memory)
+ * there is a fallback to the default */
+#ifdef BOTAN_TARGET_OS_HAS_THREADS
+ rng_name = "user-threadsafe";
+#else
+ rng_name = "user";
+#endif
+ break;
+ case RNG_TRUE:
+ rng_name = "system";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
+
+ if (botan_rng_init(&this->rng, rng_name))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_rng.h b/src/libstrongswan/plugins/botan/botan_rng.h
new file mode 100644
index 000000000..087288863
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rng botan_rng
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RNG_H_
+#define BOTAN_RNG_H_
+
+typedef struct botan_random_t botan_random_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using botan.
+ *
+ * @note botan_rng_t is a botan reserved type.
+ */
+struct botan_random_t {
+
+ /**
+ * Implements rng_t.
+ */
+ rng_t rng;
+};
+
+/**
+ * Creates a botan_random_t instance.
+ *
+ * @param quality required quality of randomness
+ * @return botan_random_t instance
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality);
+
+#endif /** BOTAN_RNG_H_ @} */
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
new file mode 100644
index 000000000..bb723ff95
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
@@ -0,0 +1,694 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_private_key.h"
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_rsa_private_key_t private_botan_rsa_private_key_t;
+
+/**
+ * Private data of a botan_rsa_private_key_t object.
+ */
+struct private_botan_rsa_private_key_t {
+
+ /**
+ * Public interface for this signer.
+ */
+ botan_rsa_private_key_t public;
+
+ /**
+ * Botan private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * reference count
+ */
+ refcount_t ref;
+};
+
+/**
+ * Get the Botan string identifier for an EMSA PSS signature
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len)
+{
+ const char *hash;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+
+ /* botan currently does not support passing the mgf1 hash */
+ if (params->hash != params->mgf1_hash)
+ {
+ DBG1(DBG_LIB, "passing mgf1 hash not supported via botan");
+ return FALSE;
+ }
+
+ hash = botan_get_hash(params->hash);
+ if (!hash)
+ {
+ return FALSE;
+ }
+
+ if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1,%zd)", hash,
+ params->salt_len) < len;
+ }
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1)", hash) < len;
+}
+
+/**
+ * Build an EMSA PSS signature described in PKCS#1
+ */
+static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t *sig)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return botan_get_signature(this->key, hash_and_padding, data, sig);
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_rsa_private_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_rsa_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return botan_get_signature(this->key, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-224)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-256)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-384)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-512)", data,
+ signature);
+ case SIGN_RSA_EMSA_PSS:
+ return build_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ botan_pk_op_decrypt_t decrypt_op;
+ const char *padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_pk_op_decrypt_create(&decrypt_op, this->key, padding, 0))
+ {
+ return FALSE;
+ }
+
+ plain->len = 0;
+ if (botan_pk_op_decrypt_output_length(decrypt_op, crypto.len, &plain->len))
+ {
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+
+ *plain = chunk_alloc(plain->len);
+ if (botan_pk_op_decrypt(decrypt_op, plain->ptr, &plain->len, crypto.ptr,
+ crypto.len))
+ {
+ chunk_free(plain);
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return TRUE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_rsa_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_private_key_t *create_empty()
+{
+ private_botan_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key)
+{
+ private_botan_rsa_private_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_privkey_create_rsa(&this->key, rng, key_size))
+ {
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
+ botan_mp_t *p, botan_mp_t *q)
+{
+ botan_mp_t k = NULL, one = NULL, r = NULL, zero = NULL, two = NULL;
+ botan_mp_t n1 = NULL, x = NULL, y = NULL, g = NULL, rem = NULL;
+ botan_rng_t rng = NULL;
+ int i, t, j;
+ bool success = FALSE;
+
+ if (botan_mp_init(&k) ||
+ botan_mp_init(&one) ||
+ botan_mp_set_from_int(one, 1))
+ {
+ goto error;
+ }
+
+ /* 1. k = d * e - 1 */
+ if (botan_mp_mul(k, *d, *e) || botan_mp_sub(k, k, one))
+ {
+ goto error;
+ }
+
+ /* k must be even */
+ if (!botan_mp_is_even(k))
+ {
+ goto error;
+ }
+
+ /* 2. k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ if (botan_mp_init(&r) ||
+ botan_mp_set_from_mp(r, k))
+ {
+ goto error;
+ }
+
+ for (t = 0; !botan_mp_is_odd(r); t++)
+ {
+ if (botan_mp_rshift(r, r, 1))
+ {
+ goto error;
+ }
+ }
+
+ /* need 0 and n-1 below */
+ if (botan_mp_init(&zero) ||
+ botan_mp_init(&n1) ||
+ botan_mp_sub(n1, *n, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&g))
+ {
+ goto error;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&two))
+ {
+ goto error;
+ }
+
+ if (botan_mp_set_from_int(two, 2))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&y) ||
+ botan_mp_init(&x))
+ {
+ goto error;
+ }
+
+ for (i = 0; i < 100; i++)
+ {
+ /* 3a. generate a random integer g in the range [0, n-1] */
+ if (botan_mp_rand_range(g, rng, zero, n1))
+ {
+ goto error;
+ }
+ /* 3b. y = g^r mod n */
+ if (botan_mp_powmod(y, g, r, *n))
+ {
+ goto error;
+ }
+
+ /* 3c. If y = 1 or y = n – 1, try again */
+ if (botan_mp_equal(y, one) || botan_mp_equal(y, n1))
+ {
+ continue;
+ }
+
+ for (j = 0; j < t; j++)
+ {
+ /* x = y^2 mod n */
+ if (botan_mp_powmod(x, y, two, *n))
+ {
+ goto error;
+ }
+
+ /* stop if x == 1 */
+ if (botan_mp_equal(x, one))
+ {
+ goto done;
+ }
+
+ /* retry with new g if x = n-1 */
+ if (botan_mp_equal(x, n1))
+ {
+ break;
+ }
+
+ /* let y = x */
+ if (botan_mp_set_from_mp(y, x))
+ {
+ goto error;
+ }
+ }
+ }
+
+done:
+ /* 5. p = GCD(y – 1, n) and q = n/p */
+ if (botan_mp_sub(y, y, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(p) ||
+ botan_mp_gcd(*p, y, *n))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(q) ||
+ botan_mp_init(&rem) ||
+ botan_mp_div(*q, rem, *n, *p))
+ {
+ goto error;
+ }
+
+ if (!botan_mp_is_zero(rem))
+ {
+ goto error;
+ }
+
+ success = TRUE;
+
+error:
+ if (!success)
+ {
+ botan_mp_destroy(*p);
+ botan_mp_destroy(*q);
+ }
+ botan_rng_destroy(rng);
+ botan_mp_destroy(k);
+ botan_mp_destroy(one);
+ botan_mp_destroy(r);
+ botan_mp_destroy(zero);
+ botan_mp_destroy(two);
+ botan_mp_destroy(n1);
+ botan_mp_destroy(x);
+ botan_mp_destroy(y);
+ botan_mp_destroy(g);
+ botan_mp_destroy(rem);
+ return success;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ chunk_t n, e, d, p, q, blob;
+
+ n = e = d = p = q = blob = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIV_EXP:
+ d = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME1:
+ p = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME2:
+ q = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_EXP1:
+ case BUILD_RSA_EXP2:
+ case BUILD_RSA_COEFF:
+ /* not required for botan */
+ va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (type == KEY_ANY && !blob.ptr)
+ {
+ return NULL;
+ }
+
+ if (blob.ptr)
+ {
+ this = create_empty();
+
+ if (botan_privkey_load_rsa_pkcs1(&this->key, blob.ptr, blob.len))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+ }
+
+ if (n.ptr && e.ptr && d.ptr)
+ {
+ botan_mp_t n_mp, e_mp, d_mp, p_mp, q_mp;
+
+ if (!chunk_to_botan_mp(n, &n_mp))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &e_mp))
+ {
+ botan_mp_destroy(n_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(d, &d_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ return NULL;
+ }
+
+ if (p.ptr && q.ptr)
+ {
+ if (!chunk_to_botan_mp(p, &p_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(q, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ botan_mp_destroy(p_mp);
+ return NULL;
+ }
+ }
+ else
+ {
+ /* calculate p,q from n, e, d */
+ if (!calculate_pq(&n_mp, &e_mp, &d_mp, &p_mp, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+ }
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(d_mp);
+
+ this = create_empty();
+
+ if (botan_privkey_load_rsa(&this->key, p_mp, q_mp, e_mp))
+ {
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+
+ return &this->public;
+ }
+
+ return NULL;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.h b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
new file mode 100644
index 000000000..f0f419c7f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_private_key botan_rsa_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PRIVATE_KEY_H_
+#define BOTAN_RSA_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_rsa_private_key_t botan_rsa_private_key_t;
+
+/**
+ * private_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a RSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key);
+
+#endif /** BOTAN_RSA_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
new file mode 100644
index 000000000..c6e2e8861
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_rsa_public_key_t private_botan_rsa_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_rsa_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_rsa_public_key_t public;
+
+ /**
+ * Botan public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Defined in botan_rsa_private_key.c
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
+
+/**
+ * Verify RSA signature
+ */
+static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
+ const char* hash_and_padding, chunk_t data,
+ chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ bool valid = FALSE;
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+/**
+ * Verification of an EMSA PSS signature described in PKCS#1
+ */
+static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t signature)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return verify_rsa_signature(this, hash_and_padding, data, signature);
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_rsa_public_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_rsa_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
+ data, signature);
+ case SIGN_RSA_EMSA_PSS:
+ return verify_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
+{
+ botan_pk_op_encrypt_t encrypt_op;
+ botan_rng_t rng;
+ const char* padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_encrypt_create(&encrypt_op, this->key, padding, 0))
+ {
+ botan_rng_destroy(rng);
+ return FALSE;
+ }
+
+ crypto->len = 0;
+ if (botan_pk_op_encrypt_output_length(encrypt_op, plain.len, &crypto->len))
+ {
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+
+ *crypto = chunk_alloc(crypto->len);
+ if (botan_pk_op_encrypt(encrypt_op, rng, crypto->ptr, &crypto->len,
+ plain.ptr, plain.len))
+ {
+ chunk_free(crypto);
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return TRUE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_rsa_public_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
+{
+ return botan_get_fingerprint(this->key, this, type, fp);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_rsa_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_rsa_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_public_key_t *create_empty()
+{
+ private_botan_rsa_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_rsa_public_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_public_key_t *this = NULL;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (n.ptr && e.ptr && type == KEY_RSA)
+ {
+ botan_mp_t mp_n, mp_e;
+
+ if (!chunk_to_botan_mp(n, &mp_n))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_pubkey_load_rsa(&this->key, mp_n, mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ }
+
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.h b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
new file mode 100644
index 000000000..1d80df9ff
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_public_key botan_rsa_public_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PUBLIC_KEY_H_
+#define BOTAN_RSA_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_rsa_public_key_t botan_rsa_public_key_t;
+
+/**
+ * public_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a RSA public key using Botan.
+ *
+ * Accepts a BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP arguments.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c
new file mode 100644
index 000000000..5e18405d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+/*
+ * Described in header
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp)
+{
+ if (botan_mp_init(mp))
+ {
+ return FALSE;
+ }
+
+ if (botan_mp_from_bin(*mp, value.ptr, value.len))
+ {
+ botan_mp_destroy(*mp);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+const char *botan_get_hash(hash_algorithm_t hash)
+{
+ switch (hash)
+ {
+ case HASH_MD5:
+ return "MD5";
+ case HASH_SHA1:
+ return "SHA-1";
+ case HASH_SHA224:
+ return "SHA-224";
+ case HASH_SHA256:
+ return "SHA-256";
+ case HASH_SHA384:
+ return "SHA-384";
+ case HASH_SHA512:
+ return "SHA-512";
+ default:
+ return NULL;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ bool success = TRUE;
+
+ encoding->len = 0;
+ if (botan_pubkey_export(pubkey, NULL, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_pubkey_export(pubkey, encoding->ptr, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+
+ if (type != PUBKEY_SPKI_ASN1_DER)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_ECDSA_PUB_ASN1_DER,
+ asn1_encoding, CRED_PART_END);
+ chunk_free(&asn1_encoding);
+ }
+ return success;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ uint32_t format = BOTAN_PRIVKEY_EXPORT_FLAG_DER;
+
+ switch (type)
+ {
+ case PRIVKEY_PEM:
+ format = BOTAN_PRIVKEY_EXPORT_FLAG_PEM;
+ /* fall-through */
+ case PRIVKEY_ASN1_DER:
+ encoding->len = 0;
+ if (botan_privkey_export(key, NULL, &encoding->len, format)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_privkey_export(key, encoding->ptr, &encoding->len,
+ format))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp)
+{
+ hasher_t *hasher;
+ chunk_t key;
+
+ if (cache &&
+ lib->encoding->get_cache(lib->encoding, type, cache, fp))
+ {
+ return TRUE;
+ }
+
+ switch (type)
+ {
+ case KEYID_PUBKEY_SHA1:
+ /* subjectPublicKey -> use botan_pubkey_fingerprint() */
+ *fp = chunk_alloc(HASH_SIZE_SHA1);
+ if (botan_pubkey_fingerprint(pubkey, "SHA-1", fp->ptr, &fp->len))
+ {
+ chunk_free(fp);
+ return FALSE;
+ }
+ break;
+ case KEYID_PUBKEY_INFO_SHA1:
+ /* subjectPublicKeyInfo -> use botan_pubkey_export(), then hash */
+ if (!botan_get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &key))
+ {
+ return FALSE;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !hasher->allocate_hash(hasher, key, fp))
+ {
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+ "fingerprinting failed");
+ DESTROY_IF(hasher);
+ chunk_free(&key);
+ return FALSE;
+ }
+ hasher->destroy(hasher);
+ chunk_free(&key);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (cache)
+ {
+ lib->encoding->cache(lib->encoding, type, cache, *fp);
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature)
+{
+ botan_pk_op_sign_t sign_op;
+ botan_rng_t rng;
+
+ if (!scheme || !signature)
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_create(&sign_op, key, scheme, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_update(sign_op, data.ptr, data.len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ signature->len = 0;
+ if (botan_pk_op_sign_output_length(sign_op, &signature->len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ *signature = chunk_alloc(signature->len);
+ if (botan_pk_op_sign_finish(sign_op, rng, signature->ptr, &signature->len))
+ {
+ chunk_free(signature);
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret)
+{
+ botan_pk_op_ka_t ka;
+
+ if (botan_pk_op_key_agreement_create(&ka, key, "Raw", 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_key_agreement_size(ka, &secret->len))
+ {
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+
+ *secret = chunk_alloc(secret->len);
+ if (botan_pk_op_key_agreement(ka, secret->ptr, &secret->len, pub.ptr,
+ pub.len, NULL, 0))
+ {
+ chunk_clear(secret);
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+ botan_pk_op_key_agreement_destroy(ka);
+ return TRUE;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h
new file mode 100644
index 000000000..08830356e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_util botan_util
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_H_
+#define BOTAN_UTIL_H_
+
+#include <library.h>
+
+#include <botan/ffi.h>
+
+/**
+ * Converts chunk_t to botan_mp_t.
+ *
+ * @param value chunk to convert
+ * @param mp allocated botan_mp_t
+ * @return TRUE if conversion successful
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp);
+
+/**
+ * Get the Botan string identifier for the given hash algorithm.
+ *
+ * @param hash hash algorithm
+ * @return Botan string identifier, NULL if not found
+ */
+const char *botan_get_hash(hash_algorithm_t hash);
+
+/**
+ * Get the encoding of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the encoding of a botan_privkey_t.
+ *
+ * @param key private key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the fingerprint of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param cache key to use for caching, NULL to not cache
+ * @param type fingerprint type
+ * @param fp allocated fingerprint
+ * @return TRUE if fingerprinting successful
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp);
+
+/**
+ * Sign the given data using the provided key with the specified signature
+ * scheme (hash/padding).
+ *
+ * @param key private key object
+ * @param scheme hash/padding algorithm
+ * @param data data to sign
+ * @param signature allocated signature
+ * @return TRUE if signature successfully created
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature);
+
+/**
+ * Do the Diffie-Hellman key derivation using the given private key and public
+ * value.
+ *
+ * Note that the public value is not verified in this function.
+ *
+ * @param key DH private key
+ * @param pub other's public value
+ * @param secret the derived secret (allocated on success)
+ * @return TRUE if derivation was successful
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
+
+#endif /** BOTAN_UTIL_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.c b/src/libstrongswan/plugins/botan/botan_util_keys.c
new file mode 100644
index 000000000..176c2caf9
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util_keys.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+/**
+ * Get the algorithm name of a public key
+ */
+static char *get_algo_name(botan_pubkey_t pubkey)
+{
+ char *name;
+ size_t len = 0;
+
+ if (botan_pubkey_algo_name(pubkey, NULL, &len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return NULL;
+ }
+
+ name = malloc(len);
+ if (botan_pubkey_algo_name(pubkey, name, &len))
+ {
+ free(name);
+ return NULL;
+ }
+ return name;
+}
+
+/*
+ * Described in header
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args)
+{
+ public_key_t *this = NULL;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_pubkey_load(&pubkey, blob.ptr, blob.len))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ if (botan_pubkey_check_key(pubkey, rng, BOTAN_CHECK_KEY_EXPENSIVE_TESTS))
+ {
+ DBG1(DBG_LIB, "public key failed key checks");
+ botan_pubkey_destroy(pubkey);
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ name = get_algo_name(pubkey);
+ if (!name)
+ {
+ botan_pubkey_destroy(pubkey);
+ return NULL;
+ }
+
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ this = (public_key_t*)botan_ec_public_key_adopt(pubkey);
+ }
+ else
+ {
+ botan_pubkey_destroy(pubkey);
+ }
+ free(name);
+ return this;
+}
+
+/**
+ * Determine the curve OID from a PKCS#8 structure
+ */
+static int determine_ec_oid(chunk_t pkcs8)
+{
+ int oid = OID_UNKNOWN;
+ chunk_t inner, params = chunk_empty;
+
+ if (asn1_unwrap(&pkcs8, &pkcs8) == ASN1_SEQUENCE &&
+ asn1_unwrap(&pkcs8, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 0 &&
+ asn1_parse_algorithmIdentifier(pkcs8, 0, &params) == OID_EC_PUBLICKEY &&
+ params.len &&
+ asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ return oid;
+}
+
+/*
+ * Described in header
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args)
+{
+ private_key_t *this = NULL;
+ botan_privkey_t key;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+ int oid;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_privkey_load(&key, rng, blob.ptr, blob.len, NULL))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ if (botan_privkey_export_pubkey(&pubkey, key))
+ {
+ botan_privkey_destroy(key);
+ return NULL;
+ }
+ name = get_algo_name(pubkey);
+ botan_pubkey_destroy(pubkey);
+ if (!name)
+ {
+ return NULL;
+ }
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (private_key_t*)botan_rsa_private_key_adopt(key);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ oid = determine_ec_oid(blob);
+ if (oid != OID_UNKNOWN)
+ {
+ this = (private_key_t*)botan_ec_private_key_adopt(key, oid);
+ }
+ }
+ if (!this)
+ {
+ botan_privkey_destroy(key);
+ }
+ free(name);
+ return this;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.h b/src/libstrongswan/plugins/botan/botan_util_keys.h
new file mode 100644
index 000000000..f05f7ce5e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Helper functions to load public and private keys in a generic way
+ *
+ * @defgroup botan_util_keys botan_util_keys
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_KEYS_H_
+#define BOTAN_UTIL_KEYS_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * Load a public key in subjectPublicKeyInfo encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args);
+
+/**
+ * Load a private key in PKCS#8 encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args);
+
+#endif /** BOTAN_UTIL_KEYS_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.c b/src/libstrongswan/plugins/botan/botan_x25519.c
new file mode 100644
index 000000000..519f29f55
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_x25519.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_X25519
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+
+/**
+ * Private data
+ */
+struct private_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ diffie_hellman_t public;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(CURVE_25519, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t *value)
+{
+ value->len = 0;
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->key, value->ptr,
+ &value->len))
+ {
+ chunk_free(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (value.len != 32)
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ if (botan_privkey_destroy(this->key))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_load_x25519(&this->key, value.ptr))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_diffie_hellman_t *this)
+{
+ return CURVE_25519;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
+{
+ private_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ );
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, "curve25519"))
+ {
+ DBG1(DBG_LIB, "x25519 private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.h b/src/libstrongswan/plugins/botan/botan_x25519.h
new file mode 100644
index 000000000..e95d6cde4
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_x25519 botan_x25519
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_X25519_H_
+#define BOTAN_X25519_H_
+
+#include <library.h>
+
+/**
+ * Creates a new X25519 implementation using Botan.
+ *
+ * @param group DH group, must be CURVE_25519
+ * @return object, NULL if not supported
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group);
+
+#endif /** BOTAN_X25519_H_ @}*/
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 07eb457d5..f95094d8b 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index 09cbddee7..b57b78200 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -351,6 +350,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -371,8 +372,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -427,8 +426,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 234a54cc2..0228adc25 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 82f82ca2d..56754db88 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 7c3012301..b5226d684 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 0928dee1c..18c6b7f94 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in
index cb8bb3405..5b8b45e26 100644
--- a/src/libstrongswan/plugins/curve25519/Makefile.in
+++ b/src/libstrongswan/plugins/curve25519/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 5ffa778cd..df4d5d657 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 37799583a..3e8efa37b 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 87b66df04..2bb55f6de 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index aa0bd5fa8..096e61214 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index da118ce57..304f4fcd4 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
index e9a072461..513dc2a9b 100644
--- a/src/libstrongswan/plugins/gcm/gcm_aead.c
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -62,7 +62,7 @@ struct private_gcm_aead_t {
};
/**
- * Find a suiteable word size and network order conversion functions
+ * Find a suitable word size and network order conversion functions
*/
#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
# define htobeword htobe64
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 3ed4a910f..dab9f6f1b 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index f59144a86..b57f05e3a 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -195,8 +195,8 @@ METHOD(diffie_hellman_t, destroy, void,
/*
* Generic internal constructor
*/
-gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
- chunk_t g, chunk_t p)
+static gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
gcry_error_t err;
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 11aef42f0..a74d76201 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 241ef7d3b..e9a83fdf4 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2012 Andreas Steffen
@@ -264,14 +264,15 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
}
/**
- * Build a signature using the PKCS#1 EMSA scheme
+ * Hashes the data and builds the plaintext signature value with EMSA
+ * PKCS#1 v1.5 padding.
+ *
+ * Allocates the signature data.
*/
-static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
- hash_algorithm_t hash_algorithm,
- chunk_t data, chunk_t *signature)
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em)
{
chunk_t digestInfo = chunk_empty;
- chunk_t em;
if (hash_algorithm != HASH_UNKNOWN)
{
@@ -295,43 +296,56 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
/* build DER-encoded digestInfo */
digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_algorithmIdentifier(hash_oid),
- asn1_simple_object(ASN1_OCTET_STRING, hash)
- );
- chunk_free(&hash);
+ asn1_wrap(ASN1_OCTET_STRING, "m", hash));
+
data = digestInfo;
}
- if (data.len > this->k - 3)
+ if (data.len > keylen - 11)
{
- free(digestInfo.ptr);
- DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- mpz_sizeinbase(this->n, 2));
+ chunk_free(&digestInfo);
+ DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
+ "%zu bytes", data.len, keylen);
return FALSE;
}
- /* build chunk to rsa-decrypt:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
+ /* EM = 0x00 || 0x01 || PS || 0x00 || T.
+ * PS = 0xFF padding, with length to fill em (at least 8 bytes)
* T = encoded_hash
*/
- em.len = this->k;
- em.ptr = malloc(em.len);
+ *em = chunk_alloc(keylen);
/* fill em with padding */
- memset(em.ptr, 0xFF, em.len);
+ memset(em->ptr, 0xFF, em->len);
/* set magic bytes */
- *(em.ptr) = 0x00;
- *(em.ptr+1) = 0x01;
- *(em.ptr + em.len - data.len - 1) = 0x00;
- /* set DER-encoded hash */
- memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
+ *(em->ptr) = 0x00;
+ *(em->ptr+1) = 0x01;
+ *(em->ptr + em->len - data.len - 1) = 0x00;
+ /* set encoded hash */
+ memcpy(em->ptr + em->len - data.len, data.ptr, data.len);
+
+ chunk_clear(&digestInfo);
+ return TRUE;
+}
+
+/**
+ * Build a signature using the PKCS#1 EMSA scheme
+ */
+static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
+ hash_algorithm_t hash_algorithm,
+ chunk_t data, chunk_t *signature)
+{
+ chunk_t em;
+
+ if (!gmp_emsa_pkcs1_signature_data(hash_algorithm, data, this->k, &em))
+ {
+ return FALSE;
+ }
/* build signature */
*signature = rsasp1(this, em);
- free(digestInfo.ptr);
- free(em.ptr);
-
+ chunk_free(&em);
return TRUE;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 52bc9fb38..9b5ee67fa 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -70,7 +70,9 @@ struct private_gmp_rsa_public_key_t {
/**
* Shared functions defined in gmp_rsa_private_key.c
*/
-extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
+chunk_t gmp_mpz_to_chunk(const mpz_t value);
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em);
/**
* RSAEP algorithm specified in PKCS#1.
@@ -115,26 +117,13 @@ static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data)
}
/**
- * ASN.1 definition of digestInfo
- */
-static const asn1Object_t digestInfoObjects[] = {
- { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define DIGEST_INFO 0
-#define DIGEST_INFO_ALGORITHM 1
-#define DIGEST_INFO_DIGEST 2
-
-/**
* Verification of an EMSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hash_algorithm_t algorithm,
chunk_t data, chunk_t signature)
{
- chunk_t em_ori, em;
+ chunk_t em_expected, em;
bool success = FALSE;
/* remove any preceding 0-bytes from signature */
@@ -148,140 +137,19 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
return FALSE;
}
- /* unpack signature */
- em_ori = em = rsavp1(this, signature);
-
- /* result should look like this:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
- * T = oid || hash
- */
-
- /* check magic bytes */
- if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
+ /* generate expected signature value */
+ if (!gmp_emsa_pkcs1_signature_data(algorithm, data, this->k, &em_expected))
{
- goto end;
- }
- em = chunk_skip(em, 2);
-
- /* find magic 0x00 */
- while (em.len > 0)
- {
- if (*em.ptr == 0x00)
- {
- /* found magic byte, stop */
- em = chunk_skip(em, 1);
- break;
- }
- else if (*em.ptr != 0xFF)
- {
- /* bad padding, decryption failed ?!*/
- goto end;
- }
- em = chunk_skip(em, 1);
- }
-
- if (em.len == 0)
- {
- /* no digestInfo found */
- goto end;
- }
-
- if (algorithm == HASH_UNKNOWN)
- { /* IKEv1 signatures without digestInfo */
- if (em.len != data.len)
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes instead of"
- " %u bytes", em.len, data.len);
- goto end;
- }
- success = memeq_const(em.ptr, data.ptr, data.len);
+ return FALSE;
}
- else
- { /* IKEv2 and X.509 certificate signatures */
- asn1_parser_t *parser;
- chunk_t object;
- int objectID;
- hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
-
- DBG2(DBG_LIB, "signature verification:");
- parser = asn1_parser_create(digestInfoObjects, em);
- while (parser->iterate(parser, &objectID, &object))
- {
- switch (objectID)
- {
- case DIGEST_INFO:
- {
- if (em.len > object.len)
- {
- DBG1(DBG_LIB, "digestInfo field in signature is"
- " followed by %u surplus bytes",
- em.len - object.len);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_ALGORITHM:
- {
- int hash_oid = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser)+1, NULL);
-
- hash_algorithm = hasher_algorithm_from_oid(hash_oid);
- if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
- {
- DBG1(DBG_LIB, "expected hash algorithm %N, but found"
- " %N (OID: %#B)", hash_algorithm_names, algorithm,
- hash_algorithm_names, hash_algorithm, &object);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_DIGEST:
- {
- chunk_t hash;
- hasher_t *hasher;
-
- hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (hasher == NULL)
- {
- DBG1(DBG_LIB, "hash algorithm %N not supported",
- hash_algorithm_names, hash_algorithm);
- goto end_parser;
- }
-
- if (object.len != hasher->get_hash_size(hasher))
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes"
- " instead of %u bytes", object.len,
- hasher->get_hash_size(hasher));
- hasher->destroy(hasher);
- goto end_parser;
- }
-
- /* build our own hash and compare */
- if (!hasher->allocate_hash(hasher, data, &hash))
- {
- hasher->destroy(hasher);
- goto end_parser;
- }
- hasher->destroy(hasher);
- success = memeq_const(object.ptr, hash.ptr, hash.len);
- free(hash.ptr);
- break;
- }
- default:
- break;
- }
- }
+ /* unpack signature */
+ em = rsavp1(this, signature);
-end_parser:
- success &= parser->success(parser);
- parser->destroy(parser);
- }
+ success = chunk_equals_const(em_expected, em);
-end:
- free(em_ori.ptr);
+ chunk_free(&em_expected);
+ chunk_free(&em);
return success;
}
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 8de79663e..9f1f12601 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 6573b311d..6ec8dc755 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 324157bc0..7582e2147 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 111f53239..e3ec9866c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1a41f73ea..ec49f9540 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
index fd69f4042..36ebc1c67 100644
--- a/src/libstrongswan/plugins/mgf1/Makefile.in
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 114507eeb..0b58efb22 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
index 81c10d5c9..cd618382e 100644
--- a/src/libstrongswan/plugins/newhope/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -345,6 +344,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -365,8 +366,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -421,8 +420,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
index 72b7e034c..463276215 100644
--- a/src/libstrongswan/plugins/newhope/newhope_ke.c
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -306,7 +306,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
return FALSE;
}
if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
@@ -463,7 +463,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
goto end;
}
if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
index 114035a4a..40961880c 100644
--- a/src/libstrongswan/plugins/newhope/tests/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 0e24d4861..d9243ac62 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index cdfee525b..75f6abda9 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
index 3fee1800b..31c12e42c 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.h
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -71,7 +71,7 @@ struct ntru_drbg_t {
};
/**
- * Create and instantiate a new DRBG objet.
+ * Create and instantiate a new DRBG object.
*
* @param strength security strength in bits
* @param pers_str personalization string
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
index 765b72bdd..642384feb 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.h
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -49,7 +49,7 @@ struct ntru_poly_t {
void (*get_array)(ntru_poly_t *this, uint16_t *array);
/**
- * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
* to form result polynomial c = a * b
*
* @param a input polynomial a
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 856055c6a..0fa8142a6 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 02a022d03..a1460d993 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 37917d441..1c6d0cfd6 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 10eb82619..af23b3058 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index ae24d4085..c2648d86c 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 967e501d1..c934f0b1d 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -271,7 +271,8 @@ end:
* }
*
* While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
- * parameters MUST be included and publicKey SHOULD be.
+ * parameters MUST be included (an errata clarifies this, so this is only the
+ * case for plain private keys, not encoded in PKCS#8) and publicKey SHOULD be.
*/
static bool is_ec_private_key(chunk_t blob)
{
@@ -281,7 +282,8 @@ static bool is_ec_private_key(chunk_t blob)
asn1_parse_integer_uint64(data) == 1 &&
asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
- asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+ asn1_unwrap(&data, &data) == ASN1_OID &&
+ (!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1));
}
/**
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 00d5a6a5d..8eec72903 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 6bb1b9a36..d47a1906c 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index f56df39d1..1539e57d7 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 9c408c443..8d038d698 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index ff7501c00..5caae5879 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 3a22a6316..6359e7cd7 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index d37c9834d..91526ccac 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 371e34db8..0ff72f58a 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 15e91b24a..4d4fcf1f1 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index fe7eaa765..f688577e1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -76,6 +76,13 @@ METHOD(plugin_t, get_features, int,
return countof(f);
}
+METHOD(plugin_t, reload, bool,
+ private_revocation_plugin_t *this)
+{
+ this->validator->reload(this->validator);
+ return TRUE;
+}
+
METHOD(plugin_t, destroy, void,
private_revocation_plugin_t *this)
{
@@ -95,6 +102,7 @@ plugin_t *revocation_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
+ .reload = _reload,
.destroy = _destroy,
},
},
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index f8e78ac0c..68292e3cd 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -27,6 +27,7 @@
#include <credentials/certificates/ocsp_response.h>
#include <credentials/sets/ocsp_response_wrapper.h>
#include <selectors/traffic_selector.h>
+#include <threading/spinlock.h>
typedef struct private_revocation_validator_t private_revocation_validator_t;
@@ -50,6 +51,10 @@ struct private_revocation_validator_t {
*/
bool enable_crl;
+ /**
+ * Lock to access flags
+ */
+ spinlock_t *lock;
};
/**
@@ -795,14 +800,21 @@ METHOD(cert_validator_t, validate, bool,
certificate_t *issuer, bool online, u_int pathlen, bool anchor,
auth_cfg_t *auth)
{
- if (online && (this->enable_ocsp || this->enable_crl) &&
+ bool enable_ocsp, enable_crl;
+
+ this->lock->lock(this->lock);
+ enable_ocsp = this->enable_ocsp;
+ enable_crl = this->enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (online && (enable_ocsp || enable_crl) &&
subject->get_type(subject) == CERT_X509 &&
issuer->get_type(issuer) == CERT_X509)
{
DBG1(DBG_CFG, "checking certificate status of \"%Y\"",
subject->get_subject(subject));
- if (this->enable_ocsp)
+ if (enable_ocsp)
{
switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
{
@@ -831,7 +843,7 @@ METHOD(cert_validator_t, validate, bool,
auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
}
- if (this->enable_crl)
+ if (enable_crl)
{
switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
{
@@ -865,9 +877,35 @@ METHOD(cert_validator_t, validate, bool,
return TRUE;
}
+METHOD(revocation_validator_t, reload, void,
+ private_revocation_validator_t *this)
+{
+ bool enable_ocsp, enable_crl;
+
+ enable_ocsp = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns);
+ enable_crl = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_crl", TRUE, lib->ns);
+
+ this->lock->lock(this->lock);
+ this->enable_ocsp = enable_ocsp;
+ this->enable_crl = enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (!enable_ocsp)
+ {
+ DBG1(DBG_LIB, "all OCSP validation disabled");
+ }
+ if (!enable_crl)
+ {
+ DBG1(DBG_LIB, "all CRL validation disabled");
+ }
+}
+
METHOD(revocation_validator_t, destroy, void,
private_revocation_validator_t *this)
{
+ this->lock->destroy(this->lock);
free(this);
}
@@ -881,21 +919,13 @@ revocation_validator_t *revocation_validator_create()
INIT(this,
.public = {
.validator.validate = _validate,
+ .reload = _reload,
.destroy = _destroy,
},
- .enable_ocsp = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns),
- .enable_crl = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_crl", TRUE, lib->ns),
+ .lock = spinlock_create(),
);
- if (!this->enable_ocsp)
- {
- DBG1(DBG_LIB, "all OCSP validation disabled");
- }
- if (!this->enable_crl)
- {
- DBG1(DBG_LIB, "all CRL validation disabled");
- }
+ reload(this);
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.h b/src/libstrongswan/plugins/revocation/revocation_validator.h
index 82cbde26b..9128787f1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.h
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -36,6 +39,11 @@ struct revocation_validator_t {
cert_validator_t validator;
/**
+ * Reload the configuration
+ */
+ void (*reload)(revocation_validator_t *this);
+
+ /**
* Destroy a revocation_validator_t.
*/
void (*destroy)(revocation_validator_t *this);
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index ff0a30462..89d0fbb09 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 81284e137..32daea050 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 3ca2f5e24..ec55ffaaa 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 47af2c5fd..25e3781de 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index f0649b52a..cc2a8cbd7 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ac644ec0b..864a536ee 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 45879e841..c8ad1e5d9 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index 9bbe701ee..7ab965a82 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -303,4 +303,5 @@ TEST_VECTOR_DH(ecp224bp)
TEST_VECTOR_DH(ecp256bp)
TEST_VECTOR_DH(ecp384bp)
TEST_VECTOR_DH(ecp512bp)
-TEST_VECTOR_DH(curve25519)
+TEST_VECTOR_DH(curve25519_1)
+TEST_VECTOR_DH(curve25519_2)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
index f46d81c16..676fcfc5a 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
@@ -16,10 +16,9 @@
#include <crypto/crypto_tester.h>
/**
- * From RFC 8031
+ * From RFC 8037
*/
-
-dh_test_vector_t curve25519 = {
+dh_test_vector_t curve25519_1 = {
.group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
.priv_a = "\x77\x07\x6d\x0a\x73\x18\xa5\x7d\x3c\x16\xc1\x72\x51\xb2\x66\x45"
"\xdf\x4c\x2f\x87\xeb\xc0\x99\x2a\xb1\x77\xfb\xa5\x1d\xb9\x2c\x2a",
@@ -32,3 +31,20 @@ dh_test_vector_t curve25519 = {
.shared = "\x4a\x5d\x9d\x5b\xa4\xce\x2d\xe1\x72\x8e\x3b\xf4\x80\x35\x0f\x25"
"\xe0\x7e\x21\xc9\x47\xd1\x9e\x33\x76\xf0\x9b\x3c\x1e\x16\x17\x42",
};
+
+/**
+ * From RFC 8031
+ */
+dh_test_vector_t curve25519_2 = {
+ .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
+ .priv_a = "\x75\x1f\xb4\x30\x86\x55\xb4\x76\xb6\x78\x9b\x73\x25\xf9\xea\x8c"
+ "\xdd\xd1\x6a\x58\x53\x3f\xf6\xd9\xe6\x00\x09\x46\x4a\x5f\x9d\x94",
+ .priv_b = "\x0a\x54\x64\x52\x53\x29\x0d\x60\xdd\xad\xd0\xe0\x30\xba\xcd\x9e"
+ "\x55\x01\xef\xdc\x22\x07\x55\xa1\xe9\x78\xf1\xb8\x39\xa0\x56\x88",
+ .pub_a = "\x48\xd5\xdd\xd4\x06\x12\x57\xba\x16\x6f\xa3\xf9\xbb\xdb\x74\xf1"
+ "\xa4\xe8\x1c\x08\x93\x84\xfa\x77\xf7\x90\x70\x9f\x0d\xfb\xc7\x66",
+ .pub_b = "\x0b\xe7\xc1\xf5\xaa\xd8\x7d\x7e\x44\x86\x62\x67\x32\x98\xa4\x43"
+ "\x47\x8b\x85\x97\x45\x17\x9e\xaf\x56\x4c\x79\xc0\xef\x6e\xee\x25",
+ .shared = "\xc7\x49\x50\x60\x7a\x12\x32\x7f\x32\x04\xd9\x4b\x68\x25\xbf\xb0"
+ "\x68\xb7\xf8\x31\x9a\x9e\x37\x08\xed\x3d\x43\xce\x81\x30\xc9\x50",
+};
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 2a4788ee1..8be6c1c3a 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 7cd680095..20d6658c3 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 0f54f8cf0..ce53fff4d 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index bc3a44346..f3d4377d8 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -369,8 +369,13 @@ static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type)
switch (oid)
{
case OID_XMPP_ADDR:
- if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ if (asn1_parse_simple_object(&object, ASN1_UTF8STRING,
parser->get_level(parser)+1, "xmppAddr"))
+ { /* we handle xmppAddr as RFC822 addr */
+ *blob = object;
+ *type = ID_RFC822_ADDR;
+ }
+ else
{
goto end;
}
@@ -2021,6 +2026,8 @@ chunk_t build_generalName(identification_t *id)
switch (id->get_type(id))
{
+ case ID_DER_ASN1_GN:
+ return chunk_clone(id->get_encoding(id));
case ID_RFC822_ADDR:
context = ASN1_CONTEXT_S_1;
break;
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3a39037bc..966b6d733 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index dd9ad7e1b..03f7a6d8c 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -395,7 +395,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
* greater or equal to 256 they are assumed to be type and code as defined
* for traffic_selector_t.
*
- * @param protocol upper layer protocl to allow
+ * @param protocol upper layer protocol to allow
* @param from_port start of allowed port range
* @param to_port end of range
* @return
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index a4c5060fa..44d035fac 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -73,6 +73,7 @@ struct private_settings_t {
/**
* Print a format key, but consume already processed arguments
+ * Note that key and start point into the same string
*/
static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
@@ -115,6 +116,25 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
}
/**
+ * Check if the given section is contained in the given array.
+ */
+static bool has_section(array_t *array, section_t *section)
+{
+ section_t *current;
+ int i;
+
+ for (i = 0; i < array_count(array); i++)
+ {
+ array_get(array, i, &current);
+ if (current == section)
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Find a section by a given key, using buffered key, reusable buffer.
* If "ensure" is TRUE, the sections are created if they don't exist.
*/
@@ -160,15 +180,39 @@ static section_t *find_section_buffered(section_t *section,
}
/**
- * Find all sections via a given key considering fallbacks, using buffered key,
+ * Forward declaration
+ */
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args, array_t **sections);
+
+/**
+ * Resolve the given reference. Not thread-safe.
+ * Only a vararg function to get an empty va_list.
+ */
+static void resolve_reference(private_settings_t *this, section_ref_t *ref,
+ array_t **sections, ...)
+{
+ va_list args;
+
+ va_start(args, sections);
+ find_sections(this, this->top, ref->name, args, sections);
+ va_end(args);
+}
+
+/**
+ * Find all sections via a given key considering references, using buffered key,
* reusable buffer.
*/
-static void find_sections_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, array_t **sections)
+static void find_sections_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- section_t *found = NULL, *fallback;
+ section_t *found = NULL, *reference;
+ array_t *references;
+ section_ref_t *ref;
char *pos;
- int i;
+ int i, j;
if (!section)
{
@@ -184,7 +228,7 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
return;
}
if (pos)
- { /* restore so we can follow fallbacks */
+ { /* restore so we can follow references */
*pos = '.';
}
if (!strlen(buf))
@@ -199,147 +243,100 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
{
if (pos)
{
- find_sections_buffered(found, start, pos+1, args, buf, len,
- sections);
+ find_sections_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
- else
+ else if (!has_section(*sections, found))
{
+ /* ignore if already added to avoid loops */
array_insert_create(sections, ARRAY_TAIL, found);
- for (i = 0; i < array_count(found->fallbacks); i++)
+ /* add all sections that are referenced here (also resolves
+ * references in parent sections of the referenced section) */
+ for (i = 0; i < array_count(found->references); i++)
{
- array_get(found->fallbacks, i, &fallback);
- array_insert_create(sections, ARRAY_TAIL, fallback);
+ array_get(found->references, i, &ref);
+ resolve_reference(this, ref, sections);
}
}
}
- if (section->fallbacks)
+ if (!ignore_refs && section != found && section->references)
{
- for (i = 0; i < array_count(section->fallbacks); i++)
+ /* find matching sub-sections relative to the referenced sections */
+ for (i = 0; i < array_count(section->references); i++)
{
- array_get(section->fallbacks, i, &fallback);
- find_sections_buffered(fallback, start, key, args, buf, len,
- sections);
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; j < array_count(references); j++)
+ {
+ array_get(references, j, &reference);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ find_sections_buffered(this, reference, start, key, args,
+ buf, len, TRUE, sections);
+ }
+ array_destroy(references);
}
}
}
/**
- * Ensure that the section with the given key exists (thread-safe).
+ * Ensure that the section with the given key exists (not thread-safe).
*/
static section_t *ensure_section(private_settings_t *this, section_t *section,
const char *key, va_list args)
{
char buf[128], keybuf[512];
- section_t *found;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- /* we might have to change the tree */
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- this->lock->unlock(this->lock);
- return found;
+ return find_section_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), TRUE);
}
/**
- * Find a section by a given key with its fallbacks (not thread-safe!).
- * Sections are returned in depth-first order (array is allocated). NULL is
- * returned if no sections are found.
+ * Find a section by a given key with resolved references (not thread-safe!).
+ * The array is allocated. NULL is returned if no sections are found.
*/
static array_t *find_sections(private_settings_t *this, section_t *section,
- char *key, va_list args)
+ char *key, va_list args, array_t **sections)
{
char buf[128], keybuf[512];
- array_t *sections = NULL;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- find_sections_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), &sections);
- return sections;
-}
-
-/**
- * Check if the given fallback section already exists
- */
-static bool fallback_exists(section_t *section, section_t *fallback)
-{
- if (section == fallback)
- {
- return TRUE;
- }
- else if (section->fallbacks)
- {
- section_t *existing;
- int i;
-
- for (i = 0; i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &existing);
- if (existing == fallback)
- {
- return TRUE;
- }
- }
- }
- return FALSE;
-}
-
-/**
- * Ensure that the section with the given key exists and add the given fallback
- * section (thread-safe).
- */
-static void add_fallback_to_section(private_settings_t *this,
- section_t *section, const char *key, va_list args,
- section_t *fallback)
-{
- char buf[128], keybuf[512];
- section_t *found;
-
- if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
- {
- return;
- }
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- if (!fallback_exists(found, fallback))
- {
- /* to ensure sections referred to as fallback are not purged, we create
- * the array there too */
- if (!fallback->fallbacks)
- {
- fallback->fallbacks = array_create(0, 0);
- }
- array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
- }
- this->lock->unlock(this->lock);
+ find_sections_buffered(this, section, keybuf, keybuf, args, buf,
+ sizeof(buf), FALSE, sections);
+ return *sections;
}
/**
* Find the key/value pair for a key, using buffered key, reusable buffer
- * If "ensure" is TRUE, the sections (and key/value pair) are created if they
- * don't exist.
- * Fallbacks are only considered if "ensure" is FALSE.
+ * There are two modes: 1. To find a key at an exact location and create the
+ * sections (and key/value pair) if necessary, don't pass an array for sections.
+ * 2. To find a key and follow references pass a pointer to an array to store
+ * visited sections. NULL is returned in this case if the key is not found.
*/
-static kv_t *find_value_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, bool ensure)
+static kv_t *find_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- int i;
- char *pos;
- kv_t *kv = NULL;
section_t *found = NULL;
+ kv_t *kv = NULL;
+ section_ref_t *ref;
+ array_t *references;
+ char *pos;
+ int i, j;
- if (section == NULL)
+ if (!section)
{
return NULL;
}
-
pos = strchr(key, '.');
if (pos)
{
@@ -348,7 +345,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
{
return NULL;
}
- /* restore so we can retry for fallbacks */
+ /* restore so we can follow references */
*pos = '.';
if (!strlen(buf))
{
@@ -357,7 +354,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
else if (array_bsearch(section->sections, buf, settings_section_find,
&found) == -1)
{
- if (ensure)
+ if (!sections)
{
found = settings_section_create(strdup(buf));
settings_section_add(section, found, NULL);
@@ -365,53 +362,144 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
}
if (found)
{
- kv = find_value_buffered(found, start, pos+1, args, buf, len,
- ensure);
- }
- if (!kv && !ensure && section->fallbacks)
- {
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
- }
+ kv = find_value_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
}
else
{
+ if (sections)
+ {
+ array_insert_create(sections, ARRAY_TAIL, section);
+ }
if (!print_key(buf, len, start, key, args))
{
return NULL;
}
if (array_bsearch(section->kv, buf, settings_kv_find, &kv) == -1)
{
- if (ensure)
+ if (!sections)
{
kv = settings_kv_create(strdup(buf), NULL);
settings_kv_add(section, kv, NULL);
}
- else if (section->fallbacks)
+ }
+ }
+ if (!kv && !ignore_refs && sections && section->references)
+ {
+ /* find key relative to the referenced sections */
+ for (i = 0; !kv && i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; !kv && j < array_count(references); j++)
{
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ array_get(references, j, &found);
+ /* ignore if already added to avoid loops */
+ if (!has_section(*sections, found))
{
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ kv = find_value_buffered(this, found, start, key, args,
+ buf, len, TRUE, sections);
}
}
+ array_destroy(references);
}
}
return kv;
}
/**
+ * Remove the key/value pair for a key, using buffered key, reusable buffer
+ */
+static void remove_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len)
+{
+ section_t *found = NULL;
+ kv_t *kv = NULL, *ordered = NULL;
+ char *pos;
+ int idx, i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ pos++;
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ if (pos)
+ {
+ if (array_bsearch(section->sections, buf, settings_section_find,
+ &found) != -1)
+ {
+ remove_value_buffered(this, found, start, pos, args, buf, len);
+ }
+ }
+ else
+ {
+ idx = array_bsearch(section->kv, buf, settings_kv_find, &kv);
+ if (idx != -1)
+ {
+ array_remove(section->kv, idx, NULL);
+ for (i = 0; i < array_count(section->kv_order); i++)
+ {
+ array_get(section->kv_order, i, &ordered);
+ if (kv == ordered)
+ {
+ array_remove(section->kv_order, i, NULL);
+ settings_kv_destroy(kv, this->contents);
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+ * Described in header
+ */
+void settings_remove_value(settings_t *settings, char *key, ...)
+{
+ private_settings_t *this = (private_settings_t*)settings;
+ char buf[128], keybuf[512];
+ va_list args;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
+ va_start(args, key);
+
+ this->lock->read_lock(this->lock);
+ remove_value_buffered(this, this->top, keybuf, keybuf, args, buf,
+ sizeof(buf));
+ this->lock->unlock(this->lock);
+
+ va_end(args);
+}
+
+/**
* Find the string value for a key (thread-safe).
*/
static char *find_value(private_settings_t *this, section_t *section,
char *key, va_list args)
{
char buf[128], keybuf[512], *value = NULL;
+ array_t *sections = NULL;
kv_t *kv;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
@@ -419,13 +507,14 @@ static char *find_value(private_settings_t *this, section_t *section,
return NULL;
}
this->lock->read_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- FALSE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, &sections);
if (kv)
{
value = kv->value;
}
this->lock->unlock(this->lock);
+ array_destroy(sections);
return value;
}
@@ -443,8 +532,8 @@ static void set_value(private_settings_t *this, section_t *section,
return;
}
this->lock->write_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- TRUE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, NULL);
if (kv)
{
settings_kv_set(kv, strdupnull(value), this->contents);
@@ -761,12 +850,12 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
@@ -793,13 +882,17 @@ CALLBACK(kv_filter, bool,
while (orig->enumerate(orig, &kv))
{
- if (seen->get(seen, kv->key) || !kv->value)
+ if (seen->get(seen, kv->key))
+ {
+ continue;
+ }
+ seen->put(seen, kv->key, kv->key);
+ if (!kv->value)
{
continue;
}
*key = kv->key;
*value = kv->value;
- seen->put(seen, kv->key, kv->key);
return TRUE;
}
return FALSE;
@@ -818,12 +911,12 @@ METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
@@ -845,33 +938,34 @@ METHOD(settings_t, add_fallback, void,
{
section_t *section;
va_list args;
+ char buf[512];
- /* find/create the fallback */
+ this->lock->write_lock(this->lock);
va_start(args, fallback);
- section = ensure_section(this, this->top, fallback, args);
+ section = ensure_section(this, this->top, key, args);
va_end(args);
va_start(args, fallback);
- add_fallback_to_section(this, this->top, key, args, section);
+ if (section && vsnprintf(buf, sizeof(buf), fallback, args) < sizeof(buf))
+ {
+ settings_reference_add(section, strdup(buf), TRUE);
+ }
va_end(args);
+ this->lock->unlock(this->lock);
}
/**
* Load settings from files matching the given file pattern or from a string.
- * All sections and values are added relative to "parent".
* All files (even included ones) have to be loaded successfully.
- * If merge is FALSE the contents of parent are replaced with the parsed
- * contents, otherwise they are merged together.
*/
-static bool load_internal(private_settings_t *this, section_t *parent,
- char *pattern, bool merge, bool string)
+static section_t *load_internal(char *pattern, bool string)
{
section_t *section;
bool loaded;
if (pattern == NULL || !pattern[0])
- { /* TODO: Clear parent if merge is FALSE? */
- return TRUE;
+ {
+ return settings_section_create(NULL);
}
section = settings_section_create(NULL);
@@ -880,61 +974,101 @@ static bool load_internal(private_settings_t *this, section_t *parent,
if (!loaded)
{
settings_section_destroy(section, NULL);
- return FALSE;
+ section = NULL;
}
+ return section;
+}
- this->lock->write_lock(this->lock);
- settings_section_extend(parent, section, this->contents, !merge);
+/**
+ * Add sections and values in "section" relative to "parent".
+ * If merge is FALSE the contents of parent are replaced with the parsed
+ * contents, otherwise they are merged together.
+ *
+ * Releases the write lock and destroys the given section.
+ * If parent is NULL this is all that happens.
+ */
+static bool extend_section(private_settings_t *this, section_t *parent,
+ section_t *section, bool merge)
+{
+ if (parent)
+ {
+ settings_section_extend(parent, section, this->contents, !merge);
+ }
this->lock->unlock(this->lock);
-
settings_section_destroy(section, NULL);
- return TRUE;
+ return parent != NULL;
}
METHOD(settings_t, load_files, bool,
private_settings_t *this, char *pattern, bool merge)
{
- return load_internal(this, this->top, pattern, merge, FALSE);
+ section_t *section;
+
+ section = load_internal(pattern, FALSE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_files_section, bool,
private_settings_t *this, char *pattern, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(pattern, FALSE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, pattern, merge, FALSE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, load_string, bool,
private_settings_t *this, char *settings, bool merge)
{
- return load_internal(this, this->top, settings, merge, TRUE);
+ section_t *section;
+
+ section = load_internal(settings, TRUE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_string_section, bool,
private_settings_t *this, char *settings, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(settings, TRUE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, settings, merge, TRUE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, destroy, void,
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index e25c9da38..814cf32e5 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -288,15 +288,9 @@ struct settings_t {
* 'section-one.two' will result in a lookup for the same section/key
* in 'section-two'.
*
- * @note Lookups are depth-first and currently strictly top-down.
- * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
- * fallback the keys/sections in lib2.sec would not be considered. But if
- * app had lib3 as fallback the contents of lib3.sec would (as app is passed
- * during the initial lookup). In the last example the order during
- * enumerations would be app.sec, lib1.sec, lib3.sec.
- *
* @note Additional arguments will be applied to both section format
- * strings so they must be compatible.
+ * strings so they must be compatible. And they are evaluated immediately,
+ * so arguments can't contain dots.
*
* @param section section for which a fallback is configured, printf style
* @param fallback fallback section, printf style
@@ -413,4 +407,18 @@ settings_t *settings_create(char *file);
*/
settings_t *settings_create_string(char *settings);
+/**
+ * Remove the given key/value.
+ *
+ * Compared to setting a key to NULL, which makes it appear to be unset (i.e.
+ * default values will apply) this removes the given key (if found) and
+ * references/fallbacks will apply when looking for that key. This is mainly
+ * usefuls for the unit tests.
+ *
+ * @param settings settings to remove key/value from
+ * @param key key including sections, printf style format
+ * @param ... argument list for key
+ */
+void settings_remove_value(settings_t *settings, char *key, ...);
+
#endif /** SETTINGS_H_ @}*/
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index b13ff8009..c29dfa57b 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
yyg->yy_c_buf_p = yy_cp;
/* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */
-#define YY_NUM_RULES 30
-#define YY_END_OF_BUFFER 31
+#define YY_NUM_RULES 39
+#define YY_END_OF_BUFFER 40
/* This struct is not used in this scanner,
but its presence is necessary. */
struct yy_trans_info
@@ -477,15 +477,17 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
-static yyconst flex_int16_t yy_accept[63] =
+static yyconst flex_int16_t yy_accept[85] =
{ 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 31, 9,
- 2, 3, 2, 8, 1, 6, 9, 4, 5, 14,
- 11, 12, 10, 13, 20, 16, 15, 17, 18, 29,
- 21, 22, 23, 9, 2, 2, 1, 1, 3, 0,
- 9, 14, 11, 20, 19, 29, 28, 27, 28, 24,
- 25, 26, 1, 9, 9, 9, 9, 9, 0, 7,
- 7, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 40, 12, 2, 3, 2, 11, 1, 7, 6, 8,
+ 9, 12, 4, 5, 17, 14, 15, 14, 18, 13,
+ 16, 23, 20, 21, 19, 22, 29, 25, 24, 26,
+ 27, 38, 30, 31, 32, 12, 2, 2, 1, 1,
+ 3, 0, 12, 17, 0, 14, 14, 13, 13, 15,
+ 0, 23, 20, 29, 28, 38, 37, 36, 37, 33,
+ 34, 35, 1, 12, 17, 13, 12, 12, 12, 12,
+ 0, 10, 10, 0
} ;
static yyconst YY_CHAR yy_ec[256] =
@@ -494,16 +496,16 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 5, 1, 6, 7, 1, 1, 1, 1, 1,
+ 1, 1, 1, 8, 1, 9, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 10, 1, 1,
+ 11, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 8, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 9, 1, 1, 1, 1, 1, 1, 10, 11,
+ 1, 12, 1, 1, 1, 1, 1, 1, 13, 14,
- 12, 1, 1, 1, 13, 1, 1, 14, 1, 15,
- 1, 1, 1, 16, 1, 17, 18, 1, 1, 1,
- 1, 1, 19, 1, 20, 1, 1, 1, 1, 1,
+ 15, 1, 1, 1, 16, 1, 1, 17, 1, 18,
+ 1, 1, 1, 19, 1, 20, 21, 1, 1, 1,
+ 1, 1, 22, 1, 23, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -520,113 +522,144 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst YY_CHAR yy_meta[21] =
+static yyconst YY_CHAR yy_meta[24] =
{ 0,
- 1, 2, 3, 4, 5, 6, 7, 8, 9, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 10, 7
+ 1, 2, 3, 4, 5, 6, 5, 7, 8, 7,
+ 9, 10, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 7, 5
} ;
-static yyconst flex_uint16_t yy_base[77] =
+static yyconst flex_uint16_t yy_base[103] =
{ 0,
- 0, 0, 19, 38, 57, 76, 23, 24, 70, 0,
- 95, 244, 0, 244, 31, 244, 54, 244, 244, 0,
- 44, 244, 244, 244, 0, 244, 244, 244, 0, 0,
- 244, 244, 100, 0, 0, 0, 0, 33, 244, 65,
- 57, 0, 45, 0, 244, 0, 244, 244, 62, 244,
- 244, 244, 0, 43, 36, 27, 19, 46, 50, 244,
- 51, 244, 117, 127, 137, 147, 155, 160, 170, 180,
- 186, 193, 203, 213, 223, 233
+ 0, 0, 23, 0, 45, 67, 89, 111, 49, 50,
+ 124, 0, 133, 335, 55, 335, 60, 335, 335, 335,
+ 335, 104, 335, 335, 112, 139, 335, 73, 335, 62,
+ 335, 0, 74, 335, 335, 335, 0, 335, 335, 335,
+ 0, 0, 335, 335, 144, 0, 0, 78, 0, 81,
+ 335, 117, 106, 102, 0, 0, 84, 0, 94, 335,
+ 107, 0, 97, 0, 335, 0, 335, 335, 106, 335,
+ 335, 335, 0, 89, 78, 0, 60, 53, 43, 98,
+ 102, 335, 103, 335, 164, 174, 184, 194, 204, 214,
+ 224, 234, 244, 249, 255, 264, 274, 284, 294, 304,
+
+ 314, 324
} ;
-static yyconst flex_int16_t yy_def[77] =
+static yyconst flex_int16_t yy_def[103] =
{ 0,
- 62, 1, 63, 63, 64, 64, 65, 65, 62, 66,
- 62, 62, 67, 62, 68, 62, 66, 62, 62, 69,
- 62, 62, 62, 62, 70, 62, 62, 62, 71, 72,
- 62, 62, 73, 66, 11, 67, 74, 68, 62, 75,
- 66, 69, 62, 70, 62, 72, 62, 62, 62, 62,
- 62, 62, 74, 66, 66, 66, 66, 66, 76, 62,
- 76, 0, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62
+ 84, 1, 84, 3, 85, 85, 86, 86, 87, 87,
+ 84, 88, 84, 84, 84, 84, 89, 84, 84, 84,
+ 84, 88, 84, 84, 90, 84, 84, 84, 84, 91,
+ 84, 92, 84, 84, 84, 84, 93, 84, 84, 84,
+ 94, 95, 84, 84, 96, 88, 13, 84, 97, 89,
+ 84, 98, 88, 90, 99, 26, 84, 100, 91, 84,
+ 101, 92, 84, 93, 84, 95, 84, 84, 84, 84,
+ 84, 84, 97, 88, 99, 100, 88, 88, 88, 88,
+ 102, 84, 102, 0, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+
+ 84, 84
} ;
-static yyconst flex_uint16_t yy_nxt[265] =
+static yyconst flex_uint16_t yy_nxt[359] =
{ 0,
- 10, 11, 12, 13, 11, 14, 15, 16, 10, 10,
- 10, 10, 17, 10, 10, 10, 10, 10, 18, 19,
- 21, 22, 23, 21, 24, 22, 31, 31, 32, 32,
- 58, 33, 33, 39, 40, 39, 40, 57, 22, 21,
- 22, 23, 21, 24, 22, 43, 43, 59, 43, 43,
- 59, 61, 61, 56, 61, 61, 55, 22, 26, 26,
- 27, 26, 28, 26, 48, 29, 54, 39, 41, 62,
- 62, 62, 62, 62, 62, 62, 26, 26, 26, 27,
- 26, 28, 26, 62, 29, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 26, 35, 62, 36, 35,
-
- 62, 37, 48, 49, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 50, 51, 52, 20, 20, 20,
- 20, 20, 20, 20, 20, 20, 20, 25, 25, 25,
- 25, 25, 25, 25, 25, 25, 25, 30, 30, 30,
- 30, 30, 30, 30, 30, 30, 30, 34, 62, 62,
- 62, 62, 62, 62, 62, 34, 36, 62, 36, 36,
- 38, 38, 38, 38, 38, 38, 38, 38, 38, 38,
- 42, 62, 62, 62, 62, 62, 62, 42, 42, 42,
- 44, 62, 62, 62, 62, 62, 62, 44, 62, 44,
- 45, 45, 45, 46, 46, 46, 62, 46, 62, 46,
-
- 46, 62, 46, 47, 47, 47, 47, 47, 47, 47,
- 47, 47, 47, 53, 53, 62, 62, 53, 53, 53,
- 53, 53, 53, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 60, 60, 60, 60, 60, 60, 60,
- 62, 60, 60, 9, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 12, 13, 14, 15, 13, 16, 17, 18, 19, 20,
+ 21, 12, 12, 12, 12, 22, 12, 12, 12, 12,
+ 12, 23, 24, 25, 26, 27, 28, 26, 29, 30,
+ 31, 29, 29, 29, 25, 25, 25, 25, 25, 25,
+ 25, 25, 25, 25, 29, 29, 33, 34, 35, 33,
+ 36, 34, 43, 43, 44, 44, 48, 80, 48, 48,
+ 45, 45, 51, 52, 60, 61, 79, 34, 33, 34,
+ 35, 33, 36, 34, 57, 63, 57, 57, 63, 48,
+ 78, 48, 48, 51, 52, 57, 55, 57, 57, 34,
+ 38, 38, 39, 38, 40, 38, 60, 61, 63, 81,
+
+ 41, 63, 81, 83, 83, 77, 83, 83, 68, 60,
+ 55, 38, 38, 38, 39, 38, 40, 38, 74, 51,
+ 55, 53, 41, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 38, 47, 84, 48, 47, 84, 49,
+ 56, 84, 57, 56, 84, 58, 68, 69, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 70, 71, 72, 32, 32, 32, 32, 32, 32,
+ 32, 32, 32, 32, 37, 37, 37, 37, 37, 37,
+ 37, 37, 37, 37, 42, 42, 42, 42, 42, 42,
+ 42, 42, 42, 42, 46, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 46, 50, 50, 50, 50, 50, 50,
+ 50, 50, 50, 50, 54, 84, 84, 84, 84, 84,
+ 84, 54, 84, 54, 59, 59, 59, 59, 59, 59,
+ 59, 59, 59, 59, 62, 84, 84, 84, 84, 84,
+ 62, 62, 62, 62, 64, 84, 84, 84, 84, 84,
+ 64, 64, 64, 65, 65, 66, 66, 66, 84, 66,
+ 84, 66, 66, 66, 67, 67, 67, 67, 67, 67,
+ 67, 67, 67, 67, 73, 73, 84, 84, 73, 73,
+ 73, 73, 73, 73, 52, 52, 52, 52, 52, 52,
+ 52, 52, 52, 52, 75, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 75, 76, 76, 84, 84, 76, 76,
+ 76, 76, 76, 76, 61, 61, 61, 61, 61, 61,
+ 61, 61, 61, 61, 82, 82, 82, 82, 82, 82,
+ 82, 82, 84, 82, 11, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
-static yyconst flex_int16_t yy_chk[265] =
+static yyconst flex_int16_t yy_chk[359] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 3, 3, 3, 3, 3, 3, 7, 8, 7, 8,
- 57, 7, 8, 15, 15, 38, 38, 56, 3, 4,
- 4, 4, 4, 4, 4, 21, 43, 58, 21, 43,
- 58, 59, 61, 55, 59, 61, 54, 4, 5, 5,
- 5, 5, 5, 5, 49, 5, 41, 40, 17, 9,
- 0, 0, 0, 0, 0, 0, 5, 6, 6, 6,
- 6, 6, 6, 0, 6, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 6, 11, 0, 11, 11,
-
- 0, 11, 33, 33, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 33, 33, 33, 63, 63, 63,
- 63, 63, 63, 63, 63, 63, 63, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 65, 65, 65,
- 65, 65, 65, 65, 65, 65, 65, 66, 0, 0,
- 0, 0, 0, 0, 0, 66, 67, 0, 67, 67,
- 68, 68, 68, 68, 68, 68, 68, 68, 68, 68,
- 69, 0, 0, 0, 0, 0, 0, 69, 69, 69,
- 70, 0, 0, 0, 0, 0, 0, 70, 0, 70,
- 71, 71, 71, 72, 72, 72, 0, 72, 0, 72,
-
- 72, 0, 72, 73, 73, 73, 73, 73, 73, 73,
- 73, 73, 73, 74, 74, 0, 0, 74, 74, 74,
- 74, 74, 74, 75, 75, 75, 75, 75, 75, 75,
- 75, 75, 75, 76, 76, 76, 76, 76, 76, 76,
- 0, 76, 76, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 1, 1, 1, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 5, 5, 5, 5,
+ 5, 5, 9, 10, 9, 10, 15, 79, 15, 15,
+ 9, 10, 17, 17, 30, 30, 78, 5, 6, 6,
+ 6, 6, 6, 6, 28, 33, 28, 28, 33, 48,
+ 77, 48, 48, 50, 50, 57, 75, 57, 57, 6,
+ 7, 7, 7, 7, 7, 7, 59, 59, 63, 80,
+
+ 7, 63, 80, 81, 83, 74, 81, 83, 69, 61,
+ 54, 7, 8, 8, 8, 8, 8, 8, 53, 52,
+ 25, 22, 8, 11, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 8, 13, 0, 13, 13, 0, 13,
+ 26, 0, 26, 26, 0, 26, 45, 45, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 45, 45, 45, 85, 85, 85, 85, 85, 85,
+ 85, 85, 85, 85, 86, 86, 86, 86, 86, 86,
+ 86, 86, 86, 86, 87, 87, 87, 87, 87, 87,
+ 87, 87, 87, 87, 88, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 88, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 89, 90, 0, 0, 0, 0, 0,
+ 0, 90, 0, 90, 91, 91, 91, 91, 91, 91,
+ 91, 91, 91, 91, 92, 0, 0, 0, 0, 0,
+ 92, 92, 92, 92, 93, 0, 0, 0, 0, 0,
+ 93, 93, 93, 94, 94, 95, 95, 95, 0, 95,
+ 0, 95, 95, 95, 96, 96, 96, 96, 96, 96,
+ 96, 96, 96, 96, 97, 97, 0, 0, 97, 97,
+ 97, 97, 97, 97, 98, 98, 98, 98, 98, 98,
+ 98, 98, 98, 98, 99, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 99, 100, 100, 0, 0, 100, 100,
+ 100, 100, 100, 100, 101, 101, 101, 101, 101, 101,
+ 101, 101, 101, 101, 102, 102, 102, 102, 102, 102,
+ 102, 102, 0, 102, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
/* Table of booleans, true if rule could match eol. */
-static yyconst flex_int32_t yy_rule_can_match_eol[31] =
+static yyconst flex_int32_t yy_rule_can_match_eol[40] =
{ 0,
-0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, };
+0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0,
+ 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,
+ };
-static yyconst flex_int16_t yy_rule_linenum[30] =
+static yyconst flex_int16_t yy_rule_linenum[39] =
{ 0,
- 61, 62, 63, 65, 66, 68, 73, 78, 83, 89,
- 90, 92, 112, 118, 125, 128, 148, 151, 154, 157,
- 163, 164, 166, 186, 187, 188, 189, 190, 191
+ 66, 67, 68, 70, 71, 73, 74, 76, 81, 86,
+ 91, 96, 102, 103, 104, 106, 108, 113, 120, 121,
+ 123, 144, 150, 157, 160, 180, 183, 186, 189, 195,
+ 196, 198, 218, 219, 220, 221, 222, 223
} ;
/* The intent behind this definition is that it'll catch
@@ -639,7 +672,7 @@ static yyconst flex_int16_t yy_rule_linenum[30] =
#line 1 "settings/settings_lexer.l"
#line 2 "settings/settings_lexer.l"
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -662,7 +695,7 @@ bool settings_parser_open_next_file(parser_helper_t *ctx);
static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
#define YY_NO_INPUT 1
/* don't use global variables, and interact properly with bison */
/* maintain the line number */
@@ -670,18 +703,22 @@ static void include_files(parser_helper_t *ctx);
/* prefix function/variable declarations */
/* don't change the name of the output file otherwise autotools has issues */
/* type of our extra data */
+/* state used to scan references */
+
/* state used to scan values */
/* state used to scan include file patterns */
/* state used to scan quoted strings */
-#line 680 "settings/settings_lexer.c"
+/* pattern for section/key names */
+#line 716 "settings/settings_lexer.c"
#define INITIAL 0
-#define val 1
-#define inc 2
-#define str 3
+#define ref 1
+#define val 2
+#define inc 3
+#define str 4
#ifndef YY_NO_UNISTD_H
/* Special case for "unistd.h", since it is non-ANSI. We include it way
@@ -1030,10 +1067,10 @@ YY_DECL
{
/* %% [7.0] user's declarations go here */
-#line 59 "settings/settings_lexer.l"
+#line 64 "settings/settings_lexer.l"
-#line 1037 "settings/settings_lexer.c"
+#line 1074 "settings/settings_lexer.c"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
@@ -1062,13 +1099,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 244 );
+ while ( yy_base[yy_current_state] != 335 );
yy_find_action:
/* %% [10.0] code to find the action number goes here */
@@ -1103,13 +1140,13 @@ do_action: /* This label is used only to access EOF actions. */
{
if ( yy_act == 0 )
fprintf( stderr, "--scanner backing up\n" );
- else if ( yy_act < 30 )
+ else if ( yy_act < 39 )
fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
(long)yy_rule_linenum[yy_act], yytext );
- else if ( yy_act == 30 )
+ else if ( yy_act == 39 )
fprintf( stderr, "--accepting default rule (\"%s\")\n",
yytext );
- else if ( yy_act == 31 )
+ else if ( yy_act == 40 )
fprintf( stderr, "--(end of buffer or a NUL)\n" );
else
fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
@@ -1127,81 +1164,138 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 61 "settings/settings_lexer.l"
+#line 66 "settings/settings_lexer.l"
/* eat comments */
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 62 "settings/settings_lexer.l"
+#line 67 "settings/settings_lexer.l"
/* eat whitespace */
YY_BREAK
case 3:
/* rule 3 can match eol */
YY_RULE_SETUP
-#line 63 "settings/settings_lexer.l"
-return NEWLINE; /* also eats comments at the end of a line */
+#line 68 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
YY_BREAK
case 4:
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
case 5:
YY_RULE_SETUP
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
return yytext[0];
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 68 "settings/settings_lexer.l"
+#line 73 "settings/settings_lexer.l"
+return DOT;
+ YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 74 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 76 "settings/settings_lexer.l"
+{
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+ YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 81 "settings/settings_lexer.l"
{
yy_push_state(val, yyscanner);
return yytext[0];
}
YY_BREAK
-case 7:
-/* rule 7 can match eol */
+case 10:
+/* rule 10 can match eol */
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
YY_LINENO_REWIND_TO(yy_cp - 1);
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
-#line 73 "settings/settings_lexer.l"
+#line 86 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(inc, yyscanner);
}
YY_BREAK
-case 8:
+case 11:
YY_RULE_SETUP
-#line 78 "settings/settings_lexer.l"
+#line 91 "settings/settings_lexer.l"
{
PARSER_DBG1(yyextra, "unexpected string detected");
return STRING_ERROR;
}
YY_BREAK
-case 9:
+case 12:
YY_RULE_SETUP
-#line 83 "settings/settings_lexer.l"
+#line 96 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
}
YY_BREAK
-case 10:
+case 13:
+YY_RULE_SETUP
+#line 102 "settings/settings_lexer.l"
+/* eat comments */
+ YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 103 "settings/settings_lexer.l"
+/* eat whitespace */
+ YY_BREAK
+case 15:
+/* rule 15 can match eol */
+YY_RULE_SETUP
+#line 104 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
+ YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 106 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 17:
YY_RULE_SETUP
-#line 89 "settings/settings_lexer.l"
+#line 108 "settings/settings_lexer.l"
+{
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+ YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 113 "settings/settings_lexer.l"
+{
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+ YY_BREAK
+
+
+case 19:
+YY_RULE_SETUP
+#line 120 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 11:
+case 20:
YY_RULE_SETUP
-#line 90 "settings/settings_lexer.l"
+#line 121 "settings/settings_lexer.l"
YY_BREAK
case YY_STATE_EOF(val):
-#line 91 "settings/settings_lexer.l"
-case 12:
-/* rule 12 can match eol */
+#line 122 "settings/settings_lexer.l"
+case 21:
+/* rule 21 can match eol */
YY_RULE_SETUP
-#line 92 "settings/settings_lexer.l"
+#line 123 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1220,20 +1314,21 @@ YY_RULE_SETUP
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
YY_BREAK
-case 13:
+case 22:
YY_RULE_SETUP
-#line 112 "settings/settings_lexer.l"
+#line 144 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
YY_BREAK
/* same as above, but allow more characters */
-case 14:
+case 23:
YY_RULE_SETUP
-#line 118 "settings/settings_lexer.l"
+#line 150 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
@@ -1241,18 +1336,18 @@ YY_RULE_SETUP
YY_BREAK
-case 15:
+case 24:
YY_RULE_SETUP
-#line 125 "settings/settings_lexer.l"
+#line 157 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
/* we allow all characters except #, } and spaces, they can be escaped */
case YY_STATE_EOF(inc):
-#line 127 "settings/settings_lexer.l"
-case 16:
-/* rule 16 can match eol */
+#line 159 "settings/settings_lexer.l"
+case 25:
+/* rule 25 can match eol */
YY_RULE_SETUP
-#line 128 "settings/settings_lexer.l"
+#line 160 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1274,49 +1369,49 @@ YY_RULE_SETUP
yy_pop_state(yyscanner);
}
YY_BREAK
-case 17:
+case 26:
YY_RULE_SETUP
-#line 148 "settings/settings_lexer.l"
+#line 180 "settings/settings_lexer.l"
{ /* string include */
yy_push_state(str, yyscanner);
}
YY_BREAK
-case 18:
+case 27:
YY_RULE_SETUP
-#line 151 "settings/settings_lexer.l"
+#line 183 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 19:
+case 28:
YY_RULE_SETUP
-#line 154 "settings/settings_lexer.l"
+#line 186 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext+1);
}
YY_BREAK
-case 20:
+case 29:
YY_RULE_SETUP
-#line 157 "settings/settings_lexer.l"
+#line 189 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 21:
+case 30:
YY_RULE_SETUP
-#line 163 "settings/settings_lexer.l"
+#line 195 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 22:
-#line 165 "settings/settings_lexer.l"
+case 31:
+#line 197 "settings/settings_lexer.l"
YY_RULE_SETUP
case YY_STATE_EOF(str):
-#line 165 "settings/settings_lexer.l"
-case 23:
+#line 197 "settings/settings_lexer.l"
+case 32:
YY_RULE_SETUP
-#line 166 "settings/settings_lexer.l"
+#line 198 "settings/settings_lexer.l"
{
if (!streq(yytext, "\""))
{
@@ -1337,43 +1432,44 @@ YY_RULE_SETUP
}
}
YY_BREAK
-case 24:
+case 33:
YY_RULE_SETUP
-#line 186 "settings/settings_lexer.l"
+#line 218 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\n");
YY_BREAK
-case 25:
+case 34:
YY_RULE_SETUP
-#line 187 "settings/settings_lexer.l"
+#line 219 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\r");
YY_BREAK
-case 26:
+case 35:
YY_RULE_SETUP
-#line 188 "settings/settings_lexer.l"
+#line 220 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\t");
YY_BREAK
-case 27:
-/* rule 27 can match eol */
+case 36:
+/* rule 36 can match eol */
YY_RULE_SETUP
-#line 189 "settings/settings_lexer.l"
+#line 221 "settings/settings_lexer.l"
/* merge lines that end with escaped EOL characters */
YY_BREAK
-case 28:
+case 37:
YY_RULE_SETUP
-#line 190 "settings/settings_lexer.l"
+#line 222 "settings/settings_lexer.l"
yyextra->string_add(yyextra, yytext+1);
YY_BREAK
-case 29:
-/* rule 29 can match eol */
+case 38:
+/* rule 38 can match eol */
YY_RULE_SETUP
-#line 191 "settings/settings_lexer.l"
+#line 223 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
case YY_STATE_EOF(INITIAL):
-#line 196 "settings/settings_lexer.l"
+case YY_STATE_EOF(ref):
+#line 228 "settings/settings_lexer.l"
{
settings_parser_pop_buffer_state(yyscanner);
if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER)
@@ -1382,12 +1478,12 @@ case YY_STATE_EOF(INITIAL):
}
}
YY_BREAK
-case 30:
+case 39:
YY_RULE_SETUP
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1391 "settings/settings_lexer.c"
+#line 1487 "settings/settings_lexer.c"
case YY_END_OF_BUFFER:
{
@@ -1705,7 +1801,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
@@ -1739,11 +1835,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 62);
+ yy_is_jam = (yy_current_state == 84);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;
@@ -2778,7 +2874,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner)
/* %ok-for-header */
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l
index fa1ecac10..19ab8d7b2 100644
--- a/src/libstrongswan/settings/settings_lexer.l
+++ b/src/libstrongswan/settings/settings_lexer.l
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@ static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
@@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx);
/* type of our extra data */
%option extra-type="parser_helper_t*"
+/* state used to scan references */
+%x ref
/* state used to scan values */
%x val
/* state used to scan include file patterns */
@@ -56,15 +58,26 @@ static void include_files(parser_helper_t *ctx);
/* state used to scan quoted strings */
%x str
+/* pattern for section/key names */
+NAME [^#{}:.,="\r\n\t ]
+
%%
[\t ]*#[^\r\n]* /* eat comments */
[\t\r ]+ /* eat whitespace */
-\n|#.*\n return NEWLINE; /* also eats comments at the end of a line */
+\n|#.*\n /* eat newlines and comments at the end of a line */
"{" |
"}" return yytext[0];
+"." return DOT;
+"," return COMMA;
+
+":" {
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+
"=" {
yy_push_state(val, yyscanner);
return yytext[0];
@@ -80,16 +93,34 @@ static void include_files(parser_helper_t *ctx);
return STRING_ERROR;
}
-[^#{}="\r\n\t ]+ {
+{NAME}+ {
yylval->s = strdup(yytext);
return NAME;
}
+<ref>{
+ [\t ]*#[^\r\n]* /* eat comments */
+ [\t\r ]+ /* eat whitespace */
+ \n|#.*\n /* eat newlines and comments at the end of a line */
+
+ "," return COMMA;
+
+ {NAME}+(\.{NAME}+)* {
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+
+ . {
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+}
+
<val>{
\r /* just ignore these */
[\t ]+
<<EOF>> |
- [#}\n] {
+ [#}\n] {
if (*yytext)
{
switch (yytext[0])
@@ -107,15 +138,16 @@ static void include_files(parser_helper_t *ctx);
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
- "\"" {
+ "\"" {
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
/* same as above, but allow more characters */
- [^#}"\r\n\t ]+ {
+ [^#}"\r\n\t ]+ {
yylval->s = strdup(yytext);
return NAME;
}
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 3d1a2ba27..ad3d5288c 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -71,7 +71,7 @@
#line 1 "settings/settings_parser.y" /* yacc.c:339 */
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -120,6 +120,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -131,7 +132,7 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
}
-#line 135 "settings/settings_parser.c" /* yacc.c:339 */
+#line 136 "settings/settings_parser.c" /* yacc.c:339 */
# ifndef YY_NULLPTR
# if defined __cplusplus && 201103L <= __cplusplus
@@ -168,28 +169,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:355 */
+#line 78 "settings/settings_parser.y" /* yacc.c:355 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 193 "settings/settings_parser.c" /* yacc.c:355 */
+#line 201 "settings/settings_parser.c" /* yacc.c:355 */
};
typedef union YYSTYPE YYSTYPE;
@@ -205,7 +213,7 @@ int settings_parser_parse (parser_helper_t *ctx);
/* Copy the second part of user declarations. */
-#line 209 "settings/settings_parser.c" /* yacc.c:358 */
+#line 217 "settings/settings_parser.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -447,21 +455,21 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 2
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 13
+#define YYLAST 19
/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 10
+#define YYNTOKENS 13
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 8
+#define YYNNTS 9
/* YYNRULES -- Number of rules. */
-#define YYNRULES 15
+#define YYNRULES 17
/* YYNSTATES -- Number of states. */
-#define YYNSTATES 20
+#define YYNSTATES 24
/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned
by yylex, with out-of-bounds checking. */
#define YYUNDEFTOK 2
-#define YYMAXUTOK 261
+#define YYMAXUTOK 264
#define YYTRANSLATE(YYX) \
((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
@@ -476,13 +484,13 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 9, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 12, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 8, 2, 7, 2, 2, 2, 2,
+ 2, 2, 2, 11, 2, 10, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -496,15 +504,15 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
- 5, 6
+ 5, 6, 7, 8, 9
};
#if YYDEBUG
/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
static const yytype_uint8 yyrline[] =
{
- 0, 105, 105, 107, 108, 112, 116, 123, 131, 136,
- 143, 148, 155, 156, 170, 171
+ 0, 112, 112, 114, 115, 119, 123, 130, 138, 143,
+ 152, 157, 165, 170, 177, 178, 192, 193
};
#endif
@@ -513,9 +521,10 @@ static const yytype_uint8 yyrline[] =
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
- "$end", "error", "$undefined", "NAME", "STRING", "NEWLINE",
- "STRING_ERROR", "'}'", "'{'", "'='", "$accept", "statements",
- "statement", "section", "section_start", "setting", "value", "valuepart", YY_NULLPTR
+ "$end", "error", "$undefined", "NAME", "STRING", "\".\"", "\",\"",
+ "\":\"", "NEWLINE", "STRING_ERROR", "'}'", "'{'", "'='", "$accept",
+ "statements", "statement", "section", "section_start", "references",
+ "setting", "value", "valuepart", YY_NULLPTR
};
#endif
@@ -524,14 +533,15 @@ static const char *const yytname[] =
(internal) symbol number NUM (which must be that of a token). */
static const yytype_uint16 yytoknum[] =
{
- 0, 256, 257, 258, 259, 260, 261, 125, 123, 61
+ 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
+ 125, 123, 61
};
# endif
-#define YYPACT_NINF -11
+#define YYPACT_NINF -7
#define yypact_value_is_default(Yystate) \
- (!!((Yystate) == (-11)))
+ (!!((Yystate) == (-7)))
#define YYTABLE_NINF -1
@@ -542,8 +552,9 @@ static const yytype_uint16 yytoknum[] =
STATE-NUM. */
static const yytype_int8 yypact[] =
{
- -11, 0, -11, -1, -11, -11, -11, -11, -11, 2,
- -11, -2, 6, -11, -11, -11, -2, -11, -11, -11
+ -7, 0, -7, -6, -7, -7, -7, -7, -7, 1,
+ -7, 8, -1, -7, 4, -7, -7, 8, -7, -7,
+ 10, -7, -7, -7
};
/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
@@ -552,19 +563,20 @@ static const yytype_int8 yypact[] =
static const yytype_uint8 yydefact[] =
{
2, 0, 1, 0, 3, 4, 5, 2, 6, 0,
- 8, 11, 0, 9, 14, 15, 10, 12, 7, 13
+ 8, 13, 0, 10, 0, 16, 17, 12, 14, 7,
+ 0, 9, 15, 11
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int8 yypgoto[] =
{
- -11, 5, -11, -11, -11, -11, -11, -10
+ -7, 7, -7, -7, -7, -7, -7, -7, 2
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yytype_int8 yydefgoto[] =
{
- -1, 1, 5, 6, 7, 8, 16, 17
+ -1, 1, 5, 6, 7, 14, 8, 17, 18
};
/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If
@@ -572,36 +584,37 @@ static const yytype_int8 yydefgoto[] =
number is the opposite. If YYTABLE_NINF, syntax error. */
static const yytype_uint8 yytable[] =
{
- 2, 14, 15, 3, 9, 4, 19, 10, 11, 3,
- 13, 4, 12, 18
+ 2, 9, 3, 3, 13, 10, 11, 4, 4, 19,
+ 20, 15, 16, 23, 12, 21, 0, 0, 0, 22
};
-static const yytype_uint8 yycheck[] =
+static const yytype_int8 yycheck[] =
{
- 0, 3, 4, 3, 5, 5, 16, 8, 9, 3,
- 8, 5, 7, 7
+ 0, 7, 3, 3, 3, 11, 12, 8, 8, 10,
+ 6, 3, 4, 3, 7, 11, -1, -1, -1, 17
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const yytype_uint8 yystos[] =
{
- 0, 11, 0, 3, 5, 12, 13, 14, 15, 5,
- 8, 9, 11, 8, 3, 4, 16, 17, 7, 17
+ 0, 14, 0, 3, 8, 15, 16, 17, 19, 7,
+ 11, 12, 14, 3, 18, 3, 4, 20, 21, 10,
+ 6, 11, 21, 3
};
/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
static const yytype_uint8 yyr1[] =
{
- 0, 10, 11, 11, 11, 12, 12, 13, 14, 14,
- 15, 15, 16, 16, 17, 17
+ 0, 13, 14, 14, 14, 15, 15, 16, 17, 17,
+ 18, 18, 19, 19, 20, 20, 21, 21
};
/* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */
static const yytype_uint8 yyr2[] =
{
- 0, 2, 0, 2, 2, 1, 1, 3, 2, 3,
- 3, 2, 1, 2, 1, 1
+ 0, 2, 0, 2, 2, 1, 1, 3, 2, 4,
+ 1, 3, 3, 2, 1, 2, 1, 1
};
@@ -1027,45 +1040,51 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c
switch (yytype)
{
case 3: /* NAME */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1046 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 4: /* STRING */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1052 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 13: /* section */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 16: /* section */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1058 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 14: /* section_start */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 17: /* section_start */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1064 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 15: /* setting */
-#line 94 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 18: /* references */
+#line 101 "settings/settings_parser.y" /* yacc.c:1257 */
+ { array_destroy_function(((*yyvaluep).refs), (void*)free, NULL); }
+#line 1070 "settings/settings_parser.c" /* yacc.c:1257 */
+ break;
+
+ case 19: /* setting */
+#line 100 "settings/settings_parser.y" /* yacc.c:1257 */
{ settings_kv_destroy(((*yyvaluep).kv), NULL); }
-#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1076 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 16: /* value */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 20: /* value */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1082 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 17: /* valuepart */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 21: /* valuepart */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1088 "settings/settings_parser.c" /* yacc.c:1257 */
break;
@@ -1331,64 +1350,84 @@ yyreduce:
switch (yyn)
{
case 5:
-#line 113 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 120 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_section(ctx, (yyvsp[0].sec));
}
-#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1358 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 6:
-#line 117 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_setting(ctx, (yyvsp[0].kv));
}
-#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1366 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 7:
-#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 131 "settings/settings_parser.y" /* yacc.c:1646 */
{
pop_section(ctx);
(yyval.sec) = (yyvsp[-2].sec);
}
-#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1375 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 8:
-#line 132 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 139 "settings/settings_parser.y" /* yacc.c:1646 */
{
(yyval.sec) = push_section(ctx, (yyvsp[-1].s));
}
-#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1383 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 9:
-#line 137 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.sec) = push_section(ctx, (yyvsp[-2].s));
+ (yyval.sec) = push_section(ctx, (yyvsp[-3].s));
+ add_references(ctx, (yyvsp[-1].refs));
+ array_destroy((yyvsp[-1].refs));
}
-#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1393 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 10:
-#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 153 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ (yyval.refs) = array_create(0, 0);
+ array_insert((yyval.refs), ARRAY_TAIL, (yyvsp[0].s));
}
-#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1402 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 11:
-#line 149 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 158 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ array_insert((yyvsp[-2].refs), ARRAY_TAIL, (yyvsp[0].s));
+ (yyval.refs) = (yyvsp[-2].refs);
}
-#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1411 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 12:
+#line 166 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ }
+#line 1419 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 13:
-#line 157 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 171 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ }
+#line 1427 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 15:
+#line 179 "settings/settings_parser.y" /* yacc.c:1646 */
{ /* just put a single space between them, use strings for more */
if (asprintf(&(yyval.s), "%s %s", (yyvsp[-1].s), (yyvsp[0].s)) < 0)
{
@@ -1399,11 +1438,11 @@ yyreduce:
free((yyvsp[-1].s));
free((yyvsp[0].s));
}
-#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1442 "settings/settings_parser.c" /* yacc.c:1646 */
break;
-#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1446 "settings/settings_parser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@@ -1631,7 +1670,7 @@ yyreturn:
#endif
return yyresult;
}
-#line 174 "settings/settings_parser.y" /* yacc.c:1906 */
+#line 196 "settings/settings_parser.y" /* yacc.c:1906 */
/**
@@ -1700,6 +1739,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h
index b41e0d56f..7c2a82841 100644
--- a/src/libstrongswan/settings/settings_parser.h
+++ b/src/libstrongswan/settings/settings_parser.h
@@ -47,28 +47,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:1909 */
+#line 78 "settings/settings_parser.y" /* yacc.c:1909 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 72 "settings/settings_parser.h" /* yacc.c:1909 */
+#line 79 "settings/settings_parser.h" /* yacc.c:1909 */
};
typedef union YYSTYPE YYSTYPE;
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index 2ab9ea723..cc1c91775 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,6 +49,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -78,20 +79,26 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
}
%token <s> NAME STRING
+%token DOT "."
+%token COMMA ","
+%token COLON ":"
%token NEWLINE STRING_ERROR
/* ...and other symbols */
%type <s> value valuepart
%type <sec> section_start section
%type <kv> setting
+%type <refs> references
/* properly destroy string tokens that are strdup()ed on error */
%destructor { free($$); } NAME STRING value valuepart
/* properly destroy parse results on error */
%destructor { pop_section(ctx); settings_section_destroy($$, NULL); } section_start section
%destructor { settings_kv_destroy($$, NULL); } setting
+%destructor { array_destroy_function($$, (void*)free, NULL); } references
/* there are two shift/reduce conflicts because of the "NAME = NAME" and
* "NAME {" ambiguity, and the "NAME =" rule) */
@@ -133,9 +140,24 @@ section_start:
$$ = push_section(ctx, $NAME);
}
|
- NAME NEWLINE '{'
+ NAME ":" references '{'
{
$$ = push_section(ctx, $NAME);
+ add_references(ctx, $references);
+ array_destroy($references);
+ }
+ ;
+
+references:
+ NAME
+ {
+ $$ = array_create(0, 0);
+ array_insert($$, ARRAY_TAIL, $1);
+ }
+ | references "," NAME
+ {
+ array_insert($1, ARRAY_TAIL, $3);
+ $$ = $1;
}
;
@@ -239,6 +261,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c
index 1c2d61de7..625b70409 100644
--- a/src/libstrongswan/settings/settings_types.c
+++ b/src/libstrongswan/settings/settings_types.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,6 +69,12 @@ static void kv_destroy(kv_t *kv, int idx, array_t *contents)
settings_kv_destroy(kv, contents);
}
+static void ref_destroy(section_ref_t *ref, int idx, void *ctx)
+{
+ free(ref->name);
+ free(ref);
+}
+
/*
* Described in header
*/
@@ -78,7 +84,7 @@ void settings_section_destroy(section_t *this, array_t *contents)
array_destroy(this->sections_order);
array_destroy_function(this->kv, (void*)kv_destroy, contents);
array_destroy(this->kv_order);
- array_destroy(this->fallbacks);
+ array_destroy_function(this->references, (void*)ref_destroy, NULL);
free(this->name);
free(this);
}
@@ -130,6 +136,35 @@ void settings_kv_add(section_t *section, kv_t *kv, array_t *contents)
}
/*
+ * Described in header
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent)
+{
+ section_ref_t *ref;
+ int i;
+
+ for (i = 0; i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ if (ref->permanent && !permanent)
+ { /* add it before any permanent references */
+ break;
+ }
+ if (ref->permanent == permanent && streq(name, ref->name))
+ {
+ free(name);
+ return;
+ }
+ }
+
+ INIT(ref,
+ .name = name,
+ .permanent = permanent,
+ );
+ array_insert_create(&section->references, i, ref);
+}
+
+/*
* Add a section to the given parent, optionally remove settings/subsections
* not found when extending an existing section
*/
@@ -167,14 +202,28 @@ void settings_section_add(section_t *parent, section_t *section,
static bool section_purge(section_t *this, array_t *contents)
{
section_t *current;
+ section_ref_t *ref;
int i, idx;
array_destroy_function(this->kv, (void*)kv_destroy, contents);
this->kv = NULL;
array_destroy(this->kv_order);
this->kv_order = NULL;
- /* we ensure sections used as fallback, or configured with fallbacks (or
- * having any such subsections) are not removed */
+ /* remove non-permanent references */
+ for (i = array_count(this->references) - 1; i >= 0; i--)
+ {
+ array_get(this->references, i, &ref);
+ if (!ref->permanent)
+ {
+ array_remove(this->references, i, NULL);
+ ref_destroy(ref, 0, NULL);
+ }
+ }
+ if (!array_count(this->references))
+ {
+ array_destroy(this->references);
+ this->references = NULL;
+ }
for (i = array_count(this->sections_order) - 1; i >= 0; i--)
{
array_get(this->sections_order, i, &current);
@@ -187,7 +236,9 @@ static bool section_purge(section_t *this, array_t *contents)
settings_section_destroy(current, contents);
}
}
- return !this->fallbacks && !array_count(this->sections);
+ /* we ensure sections configured with permanent references (or having any
+ * such subsections) are not removed */
+ return !this->references && !array_count(this->sections);
}
/*
@@ -198,14 +249,15 @@ void settings_section_extend(section_t *base, section_t *extension,
{
enumerator_t *enumerator;
section_t *section;
+ section_ref_t *ref;
kv_t *kv;
array_t *sections = NULL, *kvs = NULL;
int idx;
if (purge)
- { /* remove sections and settings in base not found in extension, the
- * others are removed too (from the _order list) so they can be inserted
- * in the order found in extension */
+ { /* remove sections, settings in base not found in extension, the others
+ * are removed too (from the _order list) so they can be inserted in the
+ * order found in extension, non-permanent references are removed */
enumerator = array_create_enumerator(base->sections_order);
while (enumerator->enumerate(enumerator, (void**)&section))
{
@@ -245,6 +297,18 @@ void settings_section_extend(section_t *base, section_t *extension,
array_sort(kvs, settings_kv_sort, NULL);
}
}
+
+ enumerator = array_create_enumerator(base->references);
+ while (enumerator->enumerate(enumerator, (void**)&ref))
+ {
+ if (ref->permanent)
+ { /* permanent references are ignored */
+ continue;
+ }
+ array_remove_at(base->references, enumerator);
+ ref_destroy(ref, 0, NULL);
+ }
+ enumerator->destroy(enumerator);
}
while (array_remove(extension->sections_order, 0, &section))
@@ -278,6 +342,16 @@ void settings_section_extend(section_t *base, section_t *extension,
array_remove(extension->kv, idx, NULL);
settings_kv_add(base, kv, contents);
}
+
+ while (array_remove(extension->references, 0, &ref))
+ {
+ if (ref->permanent)
+ { /* ignore permanent references in the extension */
+ continue;
+ }
+ settings_reference_add(base, strdup(ref->name), FALSE);
+ ref_destroy(ref, 0, NULL);
+ }
array_destroy(sections);
array_destroy(kvs);
}
diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h
index 82bcb230a..8163a0134 100644
--- a/src/libstrongswan/settings/settings_types.h
+++ b/src/libstrongswan/settings/settings_types.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
#define SETTINGS_TYPES_H_
typedef struct kv_t kv_t;
+typedef struct section_ref_t section_ref_t;
typedef struct section_t section_t;
#include "collections/array.h"
@@ -45,6 +46,23 @@ struct kv_t {
};
/**
+ * Section reference.
+ */
+struct section_ref_t {
+
+ /**
+ * Name of the referenced section.
+ */
+ char *name;
+
+ /**
+ * TRUE for permanent references that were added programmatically via
+ * add_fallback() and are not removed during reloads/purges.
+ */
+ bool permanent;
+};
+
+/**
* Section containing subsections and key value pairs.
*/
struct section_t {
@@ -55,9 +73,9 @@ struct section_t {
char *name;
/**
- * Fallback sections, as section_t.
+ * Referenced sections, as section_ref_t.
*/
- array_t *fallbacks;
+ array_t *references;
/**
* Subsections, as section_t.
@@ -116,6 +134,15 @@ void settings_kv_set(kv_t *kv, char *value, array_t *contents);
void settings_kv_add(section_t *section, kv_t *kv, array_t *contents);
/**
+ * Add a reference to another section.
+ *
+ * @param section section to which to add the reference
+ * @param name name of the referenced section (adopted)
+ * @param permanent whether the reference is not removed during reloads
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent);
+
+/**
* Create a section with the given name.
*
* @param name name (gets adopted)
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 20cb27cf3..82bb640a8 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -354,7 +354,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -380,6 +379,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -400,8 +401,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -456,8 +455,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -486,8 +483,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index c0a21fe34..4b2202431 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -234,6 +234,12 @@ static struct {
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
.data.s = "tester" }},
+ {"xmppaddr:bob@strongswan.org", ID_DER_ASN1_GN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xa0,0x20,0x06,0x08,0x2b,0x06,0x01,0x05,
+ 0x05,0x07,0x08,0x05,0xa0,0x14,0x0c,0x12,
+ 0x62,0x6f,0x62,0x40,0x73,0x74,0x72,0x6f,
+ 0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,
+ 0x72,0x67) }},
{ "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
index 19f381ef3..30b7b5c11 100644
--- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
@@ -144,11 +144,12 @@ START_TEST(test_insert_before_ends)
int round;
enumerator = list->create_enumerator(list);
+ /* this does not change the enumerator position, which points to 1 */
list->insert_before(list, enumerator, (void*)0);
ck_assert_int_eq(list->get_count(list), 6);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 0);
- round = 0;
+ round = 1;
while (enumerator->enumerate(enumerator, &x))
{
ck_assert_int_eq(round, x);
@@ -177,8 +178,13 @@ START_TEST(test_insert_before_empty)
ck_assert_int_eq(x, 1);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
- ck_assert(enumerator->enumerate(enumerator, &x));
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ list->insert_before(list, enumerator, (void*)2);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
+ ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
+ ck_assert_int_eq(x, 2);
ck_assert(!enumerator->enumerate(enumerator, NULL));
enumerator->destroy(enumerator);
}
@@ -221,6 +227,43 @@ START_TEST(test_remove_at)
}
END_TEST
+START_TEST(test_remove_at_multi)
+{
+ enumerator_t *enumerator;
+ intptr_t x;
+ int round;
+
+ round = 1;
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ ck_assert_int_eq(round, x);
+ if (round == 2 || round == 5)
+ {
+ list->remove_at(list, enumerator);
+ }
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 3);
+ list->reset_enumerator(list, enumerator);
+ round = 1;
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ if (round == 2)
+ { /* skip removed item */
+ round++;
+ }
+ ck_assert_int_eq(round, x);
+ list->remove_at(list, enumerator);
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 0);
+ list->reset_enumerator(list, enumerator);
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ enumerator->destroy(enumerator);
+}
+END_TEST
+
START_TEST(test_remove_at_ends)
{
enumerator_t *enumerator;
@@ -228,14 +271,14 @@ START_TEST(test_remove_at_ends)
enumerator = list->create_enumerator(list);
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
- ck_assert_int_eq(x, 1);
+ ck_assert_int_eq(x, 2);
while (enumerator->enumerate(enumerator, &x))
{
}
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 5);
enumerator->destroy(enumerator);
@@ -254,14 +297,12 @@ START_TEST(test_insert_before_remove_at)
{
ck_assert_int_eq(round, x);
if (round == 2)
- { /* this replaces the current item, as insert_before does not change
- * the enumerator position */
+ { /* this replaces the current item */
list->insert_before(list, enumerator, (void*)42);
list->remove_at(list, enumerator);
}
else if (round == 4)
- { /* this does not replace the item, as remove_at moves the enumerator
- * position to the previous item */
+ { /* same here, the order of calls does not matter */
list->remove_at(list, enumerator);
list->insert_before(list, enumerator, (void*)21);
}
@@ -276,13 +317,9 @@ START_TEST(test_insert_before_remove_at)
{ /* check replaced item */
ck_assert_int_eq(42, x);
}
- else if (round == 3)
- { /* check misplaced item */
- ck_assert_int_eq(21, x);
- }
else if (round == 4)
- { /* check misplaced item */
- ck_assert_int_eq(3, x);
+ { /* check replace item */
+ ck_assert_int_eq(21, x);
}
else
{
@@ -348,6 +385,7 @@ Suite *linked_list_enumerator_suite_create()
tc = tcase_create("modify");
tcase_add_checked_fixture(tc, setup_list, teardown_list);
tcase_add_test(tc, test_remove_at);
+ tcase_add_test(tc, test_remove_at_multi);
tcase_add_test(tc, test_remove_at_ends);
tcase_add_test(tc, test_insert_before_remove_at);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
index 377f2a767..ac2b858bb 100644
--- a/src/libstrongswan/tests/suites/test_printf.c
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -204,7 +204,7 @@ Suite *printf_suite_create()
tcase_add_test(tc, test_printf_err);
suite_add_tcase(s, tc);
- tc = tcase_create("unsiged");
+ tc = tcase_create("unsigned");
tcase_add_test(tc, test_printf_unsigned);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 938fa38aa..099cd19c7 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -102,7 +102,12 @@ static struct {
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
- { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+ { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
@@ -159,6 +164,29 @@ START_TEST(test_select_spi)
}
END_TEST
+START_TEST(test_matches)
+{
+ proposal_t *self, *other;
+
+ self = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].self);
+ other = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].other);
+ if (select_data[_i].expected)
+ {
+ ck_assert(self->matches(self, other, FALSE));
+ ck_assert(other->matches(other, self, FALSE));
+ }
+ else
+ {
+ ck_assert(!self->matches(self, other, FALSE));
+ ck_assert(!other->matches(other, self, FALSE));
+ }
+ other->destroy(other);
+ self->destroy(self);
+}
+END_TEST
+
START_TEST(test_promote_dh_group)
{
proposal_t *proposal;
@@ -312,6 +340,10 @@ Suite *proposal_suite_create()
tcase_add_test(tc, test_select_spi);
suite_add_tcase(s, tc);
+ tc = tcase_create("matches");
+ tcase_add_loop_test(tc, test_matches, 0, countof(select_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("promote_dh_group");
tcase_add_test(tc, test_promote_dh_group);
tcase_add_test(tc, test_promote_dh_group_already_front);
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 3f6353404..e6dc7744a 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -146,7 +146,7 @@ static void test_bad_sigs(public_key_t *pubkey)
* RSA key sizes to test
*/
static int key_sizes[] = {
- 768, 1024, 1536, 2048, 3072, 4096,
+ 1024, 1536, 2048, 3072, 4096,
};
START_TEST(test_gen)
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index 0759f7013..e0609605c 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -452,9 +452,10 @@ static void verify_sections(linked_list_t *verifier, char *parent)
enumerator = settings->create_section_enumerator(settings, parent);
ver = verifier->create_enumerator(verifier);
- while (enumerator->enumerate(enumerator, &section) &&
- ver->enumerate(ver, &current))
+ while (enumerator->enumerate(enumerator, &section))
{
+ ck_assert_msg(ver->enumerate(ver, &current),
+ "no more sections expected, found %s", section);
ck_assert_str_eq(section, current);
verifier->remove_at(verifier, ver);
}
@@ -498,10 +499,11 @@ static void verify_key_values(linked_list_t *keys, linked_list_t *values,
enumerator = settings->create_key_value_enumerator(settings, parent);
enum_keys = keys->create_enumerator(keys);
enum_values = values->create_enumerator(values);
- while (enumerator->enumerate(enumerator, &key, &value) &&
- enum_keys->enumerate(enum_keys, &current_key) &&
- enum_values->enumerate(enum_values, &current_value))
+ while (enumerator->enumerate(enumerator, &key, &value))
{
+ ck_assert_msg(enum_keys->enumerate(enum_keys, &current_key),
+ "no more key/value expected, found %s = %s", key, value);
+ ck_assert(enum_values->enumerate(enum_values, &current_value));
ck_assert_str_eq(current_key, key);
ck_assert_str_eq(current_value, value);
keys->remove_at(keys, enum_keys);
@@ -519,8 +521,8 @@ START_TEST(test_key_value_enumerator)
{
linked_list_t *keys, *values;
- keys = linked_list_create_with_items("key1", "key2", "empty", "key3", NULL);
- values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", NULL);
+ keys = linked_list_create_with_items("key1", "key2", "empty", "key3", "key4", "key5", NULL);
+ values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", "multi line\nstring", "escaped newline", NULL);
verify_key_values(keys, values, "main");
keys = linked_list_create_with_items("key", "key2", "subsub", NULL);
@@ -894,7 +896,6 @@ START_TEST(test_load_string)
}
END_TEST
-
START_TEST(test_load_string_section)
{
char *content =
@@ -914,13 +915,6 @@ START_TEST(test_load_string_section)
ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
verify_include();
- /* invalid strings are a failure */
- ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
- /* NULL or empty strings are OK though */
- ck_assert(settings->load_string_section(settings, "", TRUE, ""));
- ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
- verify_include();
-
ck_assert(settings->load_string_section(settings, include_content2, FALSE, "main"));
verify_null("main.key1");
verify_string("v2", "main.key2");
@@ -934,6 +928,56 @@ START_TEST(test_load_string_section)
}
END_TEST
+START_TEST(test_load_string_section_null)
+{
+ linked_list_t *keys, *values;
+
+ char *content =
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " }\n"
+ "}";
+
+ settings = settings_create_string(content);
+
+ ck_assert(settings->load_string_section(settings, include_content1, TRUE, ""));
+ ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
+ verify_include();
+
+ /* invalid strings are a failure */
+ ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
+ /* NULL or empty strings are OK though when merging */
+ ck_assert(settings->load_string_section(settings, "", TRUE, ""));
+ ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
+ verify_include();
+
+ /* they do purge the settings if merge is not TRUE */
+ ck_assert(settings->load_string_section(settings, "", FALSE, "main"));
+ verify_null("main.key1");
+ verify_null("main.sub1.key2");
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "main");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("main", NULL);
+ verify_sections(keys, "");
+
+ ck_assert(settings->load_string_section(settings, NULL, FALSE, ""));
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "");
+}
+END_TEST
+
START_SETUP(setup_fallback_config)
{
create_settings(chunk_from_str(
@@ -1037,6 +1081,50 @@ START_TEST(test_add_fallback)
}
END_TEST
+START_TEST(test_fallback_resolution)
+{
+ linked_list_t *keys, *values;
+
+ settings->destroy(settings);
+ create_settings(chunk_from_str(
+ "base {\n"
+ " sub {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " key5 = val5\n"
+ " subsub {\n"
+ " subkey1 = subval1\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "other {\n"
+ " sub {\n"
+ " key3 = val3\n"
+ " key4 = val4\n"
+ " }\n"
+ "}\n"
+ "main {\n"
+ " sub {\n"
+ " key4=\n"
+ " key5 = \n"
+ " }\n"
+ "}"));
+
+ settings->add_fallback(settings, "other", "base");
+ settings->add_fallback(settings, "main.sub", "other.sub");
+
+ verify_string("val1", "main.sub.key1");
+ verify_string("val3", "main.sub.key3");
+ verify_null("main.sub.key4");
+ verify_null("main.sub.key5");
+ verify_string("subval1", "main.sub.subsub.subkey1");
+
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("val3", "val1", "val2", NULL);
+ verify_key_values(keys, values, "main.sub");
+}
+END_TEST
+
START_TEST(test_add_fallback_printf)
{
settings->add_fallback(settings, "%s.sub1", "sub", "main");
@@ -1051,6 +1139,264 @@ START_TEST(test_add_fallback_printf)
}
END_TEST
+START_TEST(test_references)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " key4 = sub1val4\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " subkey2 = sub1subsubval2\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = sub1subsub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : main.sub1 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " key4 =\n"
+ " subsub {\n"
+ " subkey1 = sub2subsubval1\n"
+ " subkey3 = sub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("sub2val2", "main.sub2.key2");
+ verify_string("sub2val3", "main.sub2.key3");
+ verify_null("main.sub2.key4");
+ verify_string("sub2subsubval1", "main.sub2.subsub.subkey1");
+ verify_string("sub1subsubval2", "main.sub2.subsub.subkey2");
+ verify_string("sub2subsubval3", "main.sub2.subsub.subkey3");
+ verify_string("sub1subsub1val1", "main.sub2.subsub1.subkey1");
+
+ keys = linked_list_create_with_items("subsub", "subsub1", NULL);
+ verify_sections(keys, "main.sub2");
+
+ keys = linked_list_create_with_items("key2", "key3", "key1", NULL);
+ values = linked_list_create_with_items("sub2val2", "sub2val3", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub2");
+
+ keys = linked_list_create_with_items("subkey1", "subkey3", "subkey2", NULL);
+ values = linked_list_create_with_items("sub2subsubval1", "sub2subsubval3", "sub1subsubval2", NULL);
+ verify_key_values(keys, values, "main.sub2.subsub");
+}
+END_TEST
+
+START_TEST(test_references_templates)
+{
+ create_settings(chunk_from_str(
+ "sub-def {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " }\n"
+ "}\n"
+ "subsub-def {\n"
+ " subkey1 = sub1subval1\n"
+ " subkey2 = sub1subval1\n"
+ "}\n"
+ "main {\n"
+ " sub1 : sub-def {\n"
+ " key1 = mainsub1val1\n"
+ " subsub : subsub-def {\n"
+ " subkey1 = mainsub1subval1\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = mainsub1sub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : sub-def {\n"
+ " key2 = mainsub2val2\n"
+ " key3 = mainsub2val3\n"
+ " subsub {\n"
+ " subkey3 = mainsub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("mainsub1val1", "main.sub1.key1");
+ verify_string("sub1val2", "main.sub1.key2");
+ verify_string("mainsub1subval1", "main.sub1.subsub.subkey1");
+ verify_string("sub1subval1", "main.sub1.subsub.subkey2");
+ verify_string("mainsub1sub1val1", "main.sub1.subsub1.subkey1");
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("mainsub2val2", "main.sub2.key2");
+ verify_string("mainsub2val3", "main.sub2.key3");
+ verify_string("sub1subsubval1", "main.sub2.subsub.subkey1");
+ verify_null("main.sub2.subsub.subkey2");
+ verify_string("mainsub2subsubval3", "main.sub2.subsub.subkey3");
+}
+END_TEST
+
+START_TEST(test_references_order)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " subsub2 {\n"
+ " }\n"
+ " }\n"
+ " sub3 : main.sub1, main.sub2 {\n"
+ " key3 = sub3val3\n"
+ " }\n"
+ " sub4 : main.sub2, main.sub1 {\n"
+ " key3 = sub4val3\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val2", "main.sub3.key2");
+ verify_string("sub3val3", "main.sub3.key3");
+ verify_string("sub2val2", "main.sub4.key2");
+ verify_string("sub4val3", "main.sub4.key3");
+
+ /* the order of referenced keys/subsections depends on the reference
+ * statement's order */
+ keys = linked_list_create_with_items("subsub1", "subsub2", NULL);
+ verify_sections(keys, "main.sub3");
+
+ keys = linked_list_create_with_items("subsub2", "subsub1", NULL);
+ verify_sections(keys, "main.sub4");
+
+ /* local keys are always enumerated first */
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("sub3val3", "sub1val1", "sub1val2", NULL);
+ verify_key_values(keys, values, "main.sub3");
+
+ keys = linked_list_create_with_items("key3", "key2", "key1", NULL);
+ values = linked_list_create_with_items("sub4val3", "sub2val2", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub4");
+}
+END_TEST
+
+START_TEST(test_references_resolution)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "sec-a {\n"
+ " sub1 {\n"
+ " a1 = val-a1\n"
+ " key = sec-a-val1\n"
+ " sub-a {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-b : sec-a {\n"
+ " sub1 {\n"
+ " b1 = val-b1\n"
+ " key = sec-b-val1\n"
+ " sub-b1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " b2 = val-b2\n"
+ " key = sec-b-val2\n"
+ " sub-b2 {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-c : sec-b {\n"
+ " sub2 : sec-b.sub1 {\n"
+ " c2 = val-c2\n"
+ " key = sec-c-val2\n"
+ " sub-c2 {\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sec-c-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-c.sub2.key");
+ verify_string("sec-b-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub1.key");
+ verify_string("sec-a-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-a.sub1.key");
+ verify_string("sec-b-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub2.key");
+ verify_null("sec-c.sub2.key");
+
+ keys = linked_list_create_with_items("sub-c2", "sub-b1", "sub-a", "sub-b2", NULL);
+ verify_sections(keys, "sec-c.sub2");
+
+ keys = linked_list_create_with_items("c2", "b1", "a1", "b2", NULL);
+ values = linked_list_create_with_items("val-c2", "val-b1", "val-a1", "val-b2", NULL);
+ verify_key_values(keys, values, "sec-c.sub2");
+}
+END_TEST
+
+START_TEST(test_references_fallback)
+{
+ linked_list_t *keys, *values;
+
+#define test_references_fallback_base_settings \
+ "lib {\n" \
+ " key1 = libval1\n" \
+ " keylib = libval\n" \
+ " sub {\n" \
+ " key1 = libsubval1\n" \
+ " }\n" \
+ " libsub {\n" \
+ " }\n" \
+ "}\n" \
+ "other {\n" \
+ " key1 = otherval1\n" \
+ " keyother = otherval\n" \
+ " sub {\n" \
+ " key1 = othersubval1\n" \
+ " }\n" \
+ " othersub {\n" \
+ " }\n" \
+ "}\n"
+
+ create_settings(chunk_from_str(
+ test_references_fallback_base_settings "app : other {}"));
+
+ /* references have precedence over fallbacks */
+ settings->add_fallback(settings, "app", "lib");
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+
+ keys = linked_list_create_with_items("sub", "othersub", "libsub", NULL);
+ verify_sections(keys, "app");
+
+ keys = linked_list_create_with_items("key1", "keyother", "keylib", NULL);
+ values = linked_list_create_with_items("otherval1", "otherval", "libval", NULL);
+ verify_key_values(keys, values, "app");
+
+ /* fallbacks are unaffected when reloading configs with references */
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app {}", FALSE, ""));
+ verify_string("libval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("libsubval1", "app.sub.key1");
+
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app : other {}", FALSE, ""));
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+}
+END_TEST
+
START_SETUP(setup_string_config)
{
create_settings(chunk_from_str(
@@ -1115,6 +1461,25 @@ START_TEST(test_valid)
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(settings->load_files(settings, path, FALSE));
verify_string("a setting with = and { character", "equals");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid:ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid\n:\nref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nother { key1 = value1 }\nvalid\n:\nref\n\t,\nother {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+ verify_string("value1", "valid.key1");
}
END_TEST
@@ -1157,6 +1522,21 @@ START_TEST(test_invalid)
"\"unexpected\" = string");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "incorrect :: ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "/var/log/daemon.log { dmn = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "filelog { /var/log/daemon.log = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
}
END_TEST
@@ -1326,14 +1706,25 @@ Suite *settings_suite_create()
tcase_add_checked_fixture(tc, setup_include_config, teardown_config);
tcase_add_test(tc, test_load_string);
tcase_add_test(tc, test_load_string_section);
+ tcase_add_test(tc, test_load_string_section_null);
suite_add_tcase(s, tc);
tc = tcase_create("fallback");
tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config);
tcase_add_test(tc, test_add_fallback);
+ tcase_add_test(tc, test_fallback_resolution);
tcase_add_test(tc, test_add_fallback_printf);
suite_add_tcase(s, tc);
+ tc = tcase_create("references");
+ tcase_add_checked_fixture(tc, NULL, teardown_config);
+ tcase_add_test(tc, test_references);
+ tcase_add_test(tc, test_references_templates);
+ tcase_add_test(tc, test_references_order);
+ tcase_add_test(tc, test_references_resolution);
+ tcase_add_test(tc, test_references_fallback);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("strings");
tcase_add_checked_fixture(tc, setup_string_config, teardown_config);
tcase_add_test(tc, test_strings);
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 00f000a6a..f1d46ee6b 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -860,47 +860,75 @@ END_TEST
static struct {
char *s;
bool ok;
+ mark_op_t ops;
mark_t m;
} mark_data[] = {
- {NULL, FALSE, { 0 }},
- {"", TRUE, { 0, 0xffffffff }},
- {"/", TRUE, { 0, 0 }},
- {"42", TRUE, { 42, 0xffffffff }},
- {"0x42", TRUE, { 0x42, 0xffffffff }},
- {"x", FALSE, { 0 }},
- {"42/", TRUE, { 0, 0 }},
- {"42/0", TRUE, { 0, 0 }},
- {"42/x", FALSE, { 0 }},
- {"42/42", TRUE, { 42, 42 }},
- {"42/0xff", TRUE, { 42, 0xff }},
- {"0x42/0xff", TRUE, { 0x42, 0xff }},
- {"/0xff", TRUE, { 0, 0xff }},
- {"/x", FALSE, { 0 }},
- {"x/x", FALSE, { 0 }},
- {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }},
- {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique/", TRUE, { MARK_UNIQUE, 0 }},
- {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique0xffffffffff", FALSE, { 0, 0 }},
- {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }},
- {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir0xffffffff", FALSE, { 0, 0 }},
- {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-/0xffffffff", FALSE, { 0, 0 }},
- {"%unique-foo/0xffffffff", FALSE, { 0, 0 }},
+ {NULL, FALSE, MARK_OP_NONE, { 0 }},
+ {"", TRUE, MARK_OP_NONE, { 0, 0xffffffff }},
+ {"/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42", TRUE, MARK_OP_NONE, { 42, 0xffffffff }},
+ {"0x42", TRUE, MARK_OP_NONE, { 0x42, 0xffffffff }},
+ {"x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/0", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/42", TRUE, MARK_OP_NONE, { 42, 42 }},
+ {"42/0xff", TRUE, MARK_OP_NONE, { 42, 0xff }},
+ {"0x42/0xff", TRUE, MARK_OP_NONE, { 0x42, 0xff }},
+ {"/0xff", TRUE, MARK_OP_NONE, { 0, 0xff }},
+ {"/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"x/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"0xfffffff0/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { 0x0000fff0, 0x0000ffff }},
+ {"%unique", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0 }},
+ {"%unique", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"%unique/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique0xffffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xffffffff/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"0xffffffff/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique-dir", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0 }},
+ {"%unique-dir", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique-dir/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"%unique-dir/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xfffffffe/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"0xfffffffe/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%unique-foo/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%same", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0xffffffff }},
+ {"%same/0x0000ffff", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0x0000ffff }},
+ {"%%same", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
};
START_TEST(test_mark_from_string)
{
mark_t mark;
- if (mark_from_string(mark_data[_i].s, &mark))
+ if (mark_from_string(mark_data[_i].s, mark_data[_i].ops, &mark))
{
ck_assert_int_eq(mark.value, mark_data[_i].m.value);
ck_assert_int_eq(mark.mask, mark_data[_i].m.mask);
diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c
index a26889580..135c8022e 100644
--- a/src/libstrongswan/threading/windows/mutex.c
+++ b/src/libstrongswan/threading/windows/mutex.c
@@ -112,7 +112,7 @@ METHOD(condvar_t, timed_wait, bool,
thread_set_active_condvar(&this->cv);
/* while a CriticalSection is recursive, waiting in a condvar releases
- * only one mutex. So release (and reaquire) all locks except the last. */
+ * only one mutex. So release (and reacquire) all locks except the last. */
times = mutex->times;
while (mutex->times-- > 1)
{
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 56298a60f..36c0c9daa 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1222,6 +1222,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{ "dns:", ID_FQDN },
{ "asn1dn:", ID_DER_ASN1_DN },
{ "asn1gn:", ID_DER_ASN1_GN },
+ { "xmppaddr:", ID_DER_ASN1_GN },
{ "keyid:", ID_KEY_ID },
};
private_identification_t *this;
@@ -1233,6 +1234,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this = identification_create(prefixes[i].type);
str += strlen(prefixes[i].str);
+
if (*str == '#')
{
this->encoded = chunk_from_hex(chunk_from_str(str + 1), NULL);
@@ -1241,6 +1243,17 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this->encoded = chunk_clone(chunk_from_str(str));
}
+
+ if (prefixes[i].type == ID_DER_ASN1_GN &&
+ strcasepfx(prefixes[i].str, "xmppaddr:"))
+ {
+ this->encoded = asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ asn1_build_known_oid(OID_XMPP_ADDR),
+ asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ asn1_wrap(ASN1_UTF8STRING, "m",
+ this->encoded)));
+ }
+
return this;
}
}
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index b873e12a8..efeb0f478 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
* Copyright (C) 2006-2013 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -162,7 +162,12 @@ static spinlock_t *lock;
/**
* Is leak detection currently enabled?
*/
-static bool enabled = FALSE;
+static bool enabled;
+
+/**
+ * Whether to report calls to free() with memory not allocated by us
+ */
+static bool ignore_unknown;
/**
* Is leak detection disabled for the current thread?
@@ -609,6 +614,11 @@ static char *whitelist[] = {
/* FHH IMCs and IMVs */
"TNC_IMC_NotifyConnectionChange",
"TNC_IMV_NotifyConnectionChange",
+ /* Botan */
+ "botan_public_key_load",
+ "botan_privkey_create_ecdsa",
+ "botan_privkey_create_ecdh",
+ "botan_privkey_load_ecdh",
};
/**
@@ -883,7 +893,7 @@ HOOK(void, free, void *ptr)
return;
}
/* allow freeing of NULL */
- if (ptr == NULL)
+ if (!ptr)
{
return;
}
@@ -894,21 +904,47 @@ HOOK(void, free, void *ptr)
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
if (has_hdr(hdr))
{
- /* memory was allocated by our hooks but is corrupted */
fprintf(stderr, "freeing corrupted memory (%p): "
- "header magic 0x%x, tail magic 0x%x:\n",
- ptr, hdr->magic, tail->magic);
+ "%u bytes, header magic 0x%x, tail magic 0x%x:\n",
+ ptr, hdr->bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access the old backtrace if header magic is valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ }
}
else
{
- /* memory was not allocated by our hooks */
- fprintf(stderr, "freeing invalid memory (%p)\n", ptr);
+ /* just free this block of unknown memory */
+ hdr = ptr;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "freeing unknown memory (%p):\n", ptr);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
}
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
}
else
{
@@ -916,12 +952,11 @@ HOOK(void, free, void *ptr)
hdr->backtrace->destroy(hdr->backtrace);
- /* clear MAGIC, set mem to something remarkable */
+ /* set mem to something remarkable */
memset(hdr, MEMORY_FREE_PATTERN,
sizeof(memory_header_t) + hdr->bytes + sizeof(memory_tail_t));
-
- real_free(hdr);
}
+ real_free(hdr);
enable_thread(before);
}
@@ -933,19 +968,19 @@ HOOK(void*, realloc, void *old, size_t bytes)
memory_header_t *hdr;
memory_tail_t *tail;
backtrace_t *backtrace;
- bool before;
+ bool before, have_backtrace = TRUE;
if (!enabled || thread_disabled->get(thread_disabled))
{
return real_realloc(old, bytes);
}
/* allow reallocation of NULL */
- if (old == NULL)
+ if (!old)
{
return malloc(bytes);
}
/* handle zero size as a free() */
- if (bytes == 0)
+ if (!bytes)
{
free(old);
return NULL;
@@ -954,22 +989,64 @@ HOOK(void*, realloc, void *old, size_t bytes)
hdr = old - sizeof(memory_header_t);
tail = old + hdr->bytes;
- remove_hdr(hdr);
-
+ before = enable_thread(FALSE);
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
- fprintf(stderr, "reallocating invalid memory (%p):\n"
- "header magic 0x%x:\n", old, hdr->magic);
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
+ if (has_hdr(hdr))
+ {
+ fprintf(stderr, "reallocating corrupted memory (%p, %u bytes): "
+ "%zu bytes, header magic 0x%x, tail magic 0x%x:\n",
+ old, hdr->bytes, bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access header fields (backtrace, bytes) if header magic
+ * is still valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ have_backtrace = FALSE;
+ hdr->magic = MEMORY_HEADER_MAGIC;
+ }
+ }
+ else
+ {
+ /* adopt this block of unknown memory */
+ hdr = old;
+ have_backtrace = FALSE;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "reallocating unknown memory (%p): %zu bytes:\n",
+ old, bytes);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
+ }
}
else
{
+ remove_hdr(hdr);
/* clear tail magic, allocate, set tail magic */
memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
}
+
hdr = real_realloc(hdr,
sizeof(memory_header_t) + bytes + sizeof(memory_tail_t));
tail = ((void*)hdr) + bytes + sizeof(memory_header_t);
@@ -978,8 +1055,10 @@ HOOK(void*, realloc, void *old, size_t bytes)
/* update statistics */
hdr->bytes = bytes;
- before = enable_thread(FALSE);
- hdr->backtrace->destroy(hdr->backtrace);
+ if (have_backtrace)
+ {
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
hdr->backtrace = backtrace_create(2);
enable_thread(before);
@@ -1022,6 +1101,7 @@ leak_detective_t *leak_detective_create()
free(this);
return NULL;
}
+ ignore_unknown = getenv("LEAK_DETECTIVE_IGNORE_UNKNOWN") != NULL;
lock = spinlock_create();
thread_disabled = thread_value_create(NULL);
diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h
index a973b1adc..c23b361ec 100644
--- a/src/libstrongswan/utils/utils/atomics.h
+++ b/src/libstrongswan/utils/utils/atomics.h
@@ -27,8 +27,14 @@
*/
typedef u_int refcount_t;
+/* use __atomic* built-ins with clang, if available (note that clang also
+ * defines __GNUC__, however only claims to be GCC 4.2) */
+#if defined(__clang__)
+# if __has_builtin(__atomic_add_fetch)
+# define HAVE_GCC_ATOMIC_OPERATIONS
+# endif
/* use __atomic* built-ins with GCC 4.7 and newer */
-#ifdef __GNUC__
+#elif defined(__GNUC__)
# if (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6))
# define HAVE_GCC_ATOMIC_OPERATIONS
# endif
@@ -47,7 +53,7 @@ typedef u_int refcount_t;
#define ref_put(ref) (!__atomic_sub_fetch(ref, 1, __ATOMIC_ACQ_REL))
#define ref_cur(ref) __atomic_load_n(ref, __ATOMIC_RELAXED)
-#define _cas_impl(ptr, oldval, newval) ({ typeof(oldval) _old = oldval; \
+#define _cas_impl(ptr, oldval, newval) ({ typeof(*ptr) _old = oldval; \
__atomic_compare_exchange_n(ptr, &_old, newval, FALSE, \
__ATOMIC_SEQ_CST, __ATOMIC_RELAXED); })
#define cas_bool(ptr, oldval, newval) _cas_impl(ptr, oldval, newval)
diff --git a/src/libtls/Makefile.am b/src/libtls/Makefile.am
index 635be3845..b6496363c 100644
--- a/src/libtls/Makefile.am
+++ b/src/libtls/Makefile.am
@@ -26,4 +26,4 @@ nobase_tls_include_HEADERS = \
tls_server.h tls_handshake.h tls_application.h tls_aead.h tls.h
endif
-SUBDIRS = .
+SUBDIRS = . tests
diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in
index 3412ab1cb..ea6449df3 100644
--- a/src/libtls/Makefile.in
+++ b/src/libtls/Makefile.in
@@ -363,7 +363,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -389,6 +388,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -409,8 +410,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -465,8 +464,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -495,8 +492,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in
index c46ca18bd..20913bc09 100644
--- a/src/libtls/tests/Makefile.in
+++ b/src/libtls/tests/Makefile.in
@@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -333,6 +332,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -353,8 +354,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -409,8 +408,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -439,8 +436,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c
index 2ba6dd2a6..1f2439ca1 100644
--- a/src/libtls/tls_peer.c
+++ b/src/libtls/tls_peer.c
@@ -188,7 +188,7 @@ static status_t process_server_hello(private_tls_peer_t *this,
suite = cipher;
if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1, KEY_ANY))
{
- DBG1(DBG_TLS, "received TLS cipher suite %N inacceptable",
+ DBG1(DBG_TLS, "received TLS cipher suite %N unacceptable",
tls_cipher_suite_names, suite);
this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE);
return NEED_MORE;
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 422211afa..70d17f22c 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -190,7 +190,7 @@ static bool select_suite_and_key(private_tls_server_t *this,
suites, count, type);
if (!this->suite)
{
- DBG1(DBG_TLS, "received cipher suites inacceptable");
+ DBG1(DBG_TLS, "received cipher suites unacceptable");
return FALSE;
}
this->server_auth->destroy(this->server_auth);
@@ -199,7 +199,7 @@ static bool select_suite_and_key(private_tls_server_t *this,
this->server_auth);
if (!key)
{
- DBG1(DBG_TLS, "received cipher suites inacceptable");
+ DBG1(DBG_TLS, "received cipher suites unacceptable");
return FALSE;
}
}
diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h
index 0d4db3b41..7924c585c 100644
--- a/src/libtls/tls_socket.h
+++ b/src/libtls/tls_socket.h
@@ -104,7 +104,7 @@ struct tls_socket_t {
* @param peer client identity, NULL for no client authentication
* @param fd socket to read/write from
* @param cache session cache to use, or NULL
- * @param max_version maximun TLS version to negotiate
+ * @param max_version maximum TLS version to negotiate
* @param nullok accept NULL encryption ciphers
* @return TLS socket wrapper
*/
diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in
index 97995800b..ab45f6f91 100644
--- a/src/libtnccs/Makefile.in
+++ b/src/libtnccs/Makefile.in
@@ -367,7 +367,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -393,6 +392,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -413,8 +414,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -469,8 +468,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -499,8 +496,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in
index 7143a1ce2..70c87ee51 100644
--- a/src/libtnccs/plugins/tnc_imc/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imc/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in
index a142a7eff..532ec741a 100644
--- a/src/libtnccs/plugins/tnc_imv/Makefile.in
+++ b/src/libtnccs/plugins/tnc_imv/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -418,8 +417,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
index 72a195eca..4ffdf5a43 100644
--- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in
+++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in
index 7e15cb2ff..7649e999b 100644
--- a/src/libtnccs/plugins/tnccs_11/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_11/Makefile.in
@@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -351,6 +350,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -371,8 +372,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -427,8 +426,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in
index d7d445fd1..69d48dc47 100644
--- a/src/libtnccs/plugins/tnccs_20/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_20/Makefile.in
@@ -328,7 +328,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -354,6 +353,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -374,8 +375,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -430,8 +429,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -460,8 +457,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
index 86ae1c099..32d950297 100644
--- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
+++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c
@@ -92,6 +92,11 @@ struct private_tnccs_20_server_t {
bool request_handshake_retry;
/**
+ * Flag set after sending SRETRY batch
+ */
+ bool retry_handshake;
+
+ /**
* SendMessage() by IMV only allowed if flag is set
*/
bool send_msg;
@@ -279,8 +284,9 @@ static void build_retry_batch(private_tnccs_20_server_t *this)
change_batch_type(this, PB_BATCH_SRETRY);
this->recs->clear_recommendation(this->recs);
- tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id,
- TNC_CONNECTION_STATE_HANDSHAKE);
+
+ /* Handshake will be retried with next incoming CDATA batch */
+ this->retry_handshake = TRUE;
}
METHOD(tnccs_20_handler_t, process, status_t,
@@ -301,7 +307,17 @@ METHOD(tnccs_20_handler_t, process, status_t,
pb_tnc_msg_t *msg;
bool empty = TRUE;
- if (batch_type == PB_BATCH_CRETRY)
+ if (batch_type == PB_BATCH_CDATA)
+ {
+ /* retry handshake after a previous SRETRY batch */
+ if (this->retry_handshake)
+ {
+ tnc->imvs->notify_connection_change(tnc->imvs,
+ this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE);
+ this->retry_handshake = FALSE;
+ }
+ }
+ else if (batch_type == PB_BATCH_CRETRY)
{
/* Send an SRETRY batch in response */
this->mutex->lock(this->mutex);
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
index 79db1e9b4..d18924612 100644
--- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
+++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in
index bd1da8e18..9b4b149a5 100644
--- a/src/libtncif/Makefile.in
+++ b/src/libtncif/Makefile.in
@@ -277,7 +277,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -303,6 +302,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -323,8 +324,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -379,8 +378,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -409,8 +406,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am
index 1b3a9706f..d192fc126 100644
--- a/src/libtpmtss/Makefile.am
+++ b/src/libtpmtss/Makefile.am
@@ -24,8 +24,8 @@ libtpmtss_la_SOURCES = \
tpm_tss.h tpm_tss.c \
tpm_tss_quote_info.h tpm_tss_quote_info.c \
tpm_tss_trousers.h tpm_tss_trousers.c \
- tpm_tss_tss2.h tpm_tss_tss2.c \
- tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+ tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c
if MONOLITHIC
SUBDIRS =
diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in
index 50861bcdd..724906de9 100644
--- a/src/libtpmtss/Makefile.in
+++ b/src/libtpmtss/Makefile.in
@@ -146,7 +146,8 @@ libtpmtss_la_DEPENDENCIES = \
$(top_builddir)/src/libstrongswan/libstrongswan.la \
$(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) $(am__append_4)
am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \
- tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo
+ tpm_tss_trousers.lo tpm_tss_tss2_v1.lo tpm_tss_tss2_v2.lo \
+ tpm_tss_tss2_names_v1.lo tpm_tss_tss2_names_v2.lo
libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -355,7 +356,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +381,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +403,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +457,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +485,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -511,8 +513,8 @@ libtpmtss_la_SOURCES = \
tpm_tss.h tpm_tss.c \
tpm_tss_quote_info.h tpm_tss_quote_info.c \
tpm_tss_trousers.h tpm_tss_trousers.c \
- tpm_tss_tss2.h tpm_tss_tss2.c \
- tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+ tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \
+ tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c
@MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3)
@MONOLITHIC_TRUE@SUBDIRS = $(am__append_3)
@@ -600,8 +602,10 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_quote_info.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_trousers.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v2.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in
index e03e73656..7cbd25414 100644
--- a/src/libtpmtss/plugins/tpm/Makefile.in
+++ b/src/libtpmtss/plugins/tpm/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libtpmtss/plugins/tpm/tpm_plugin.c b/src/libtpmtss/plugins/tpm/tpm_plugin.c
index e98899852..a00f46ea2 100644
--- a/src/libtpmtss/plugins/tpm/tpm_plugin.c
+++ b/src/libtpmtss/plugins/tpm/tpm_plugin.c
@@ -18,6 +18,7 @@
#include "tpm_cert.h"
#include "tpm_rng.h"
+#include <tpm_tss.h>
#include <library.h>
typedef struct private_tpm_plugin_t private_tpm_plugin_t;
@@ -80,6 +81,7 @@ METHOD(plugin_t, destroy, void,
private_tpm_plugin_t *this)
{
free(this);
+ libtpmtss_deinit();
}
/*
@@ -89,6 +91,11 @@ plugin_t *tpm_plugin_create()
{
private_tpm_plugin_t *this;
+ if (!libtpmtss_init())
+ {
+ return NULL;
+ }
+
INIT(this,
.public = {
.plugin = {
diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c
index 0df5ee94c..3b7582ae3 100644
--- a/src/libtpmtss/plugins/tpm/tpm_private_key.c
+++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c
@@ -93,7 +93,7 @@ METHOD(private_key_t, sign, bool,
enumerator->destroy(enumerator);
return this->tpm->sign(this->tpm, this->hierarchy, this->handle, scheme,
- data, pin, signature);
+ params, data, pin, signature);
}
METHOD(private_key_t, decrypt, bool,
diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c
index 42a341896..72fd45b81 100644
--- a/src/libtpmtss/tpm_tss.c
+++ b/src/libtpmtss/tpm_tss.c
@@ -27,12 +27,20 @@
/**
* Described in header.
*/
-void libtpmtss_init(void)
+bool libtpmtss_init(void)
{
- /* empty */
+ return tpm_tss_tss2_init();
}
-typedef tpm_tss_t*(*tpm_tss_create)();
+/**
+ * Described in header.
+ */
+void libtpmtss_deinit(void)
+{
+ tpm_tss_tss2_deinit();
+}
+
+typedef tpm_tss_t*(*tpm_tss_create)(void);
/**
* See header.
diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h
index bcb7ab949..11e4a7c15 100644
--- a/src/libtpmtss/tpm_tss.h
+++ b/src/libtpmtss/tpm_tss.h
@@ -48,14 +48,14 @@ struct tpm_tss_t {
/**
* Get TPM version supported by TSS
*
- * @return TPM version
+ * @return TPM version
*/
tpm_version_t (*get_version)(tpm_tss_t *this);
/**
* Get TPM version info (TPM 1.2 only)
*
- * @return TPM version info struct
+ * @return TPM version info struct
*/
chunk_t (*get_version_info)(tpm_tss_t *this);
@@ -74,8 +74,8 @@ struct tpm_tss_t {
/**
* Get public key from TPM using its object handle (TPM 2.0 only)
*
- * @param handle key object handle
- * @return public key in PKCS#1 format
+ * @param handle key object handle
+ * @return public key in PKCS#1 format
*/
chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
@@ -125,14 +125,15 @@ struct tpm_tss_t {
* @param handle object handle of TPM key to be used for signature
* @param hierarchy hierarchy the TPM key object is attached to
* @param scheme scheme to be used for signature
+ * @param param signature scheme parameters
* @param data data to be hashed and signed
* @param pin PIN code or empty chunk
* @param signature returns signature
* @return TRUE if signature succeeded
*/
bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin,
- chunk_t *signature);
+ signature_scheme_t scheme, void *params, chunk_t data,
+ chunk_t pin, chunk_t *signature);
/**
* Get random bytes from the TPM
@@ -169,8 +170,15 @@ struct tpm_tss_t {
tpm_tss_t *tpm_tss_probe(tpm_version_t version);
/**
- * Dummy libtpmtss initialization function needed for integrity test
+ * libtpmtss initialization function
+ *
+ * @return TRUE if initialization was successful
+ */
+bool libtpmtss_init(void);
+
+/**
+ * libtpmtss de-initialization function
*/
-void libtpmtss_init(void);
+void libtpmtss_deinit(void);
#endif /** TPM_TSS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c
index 6ed57af9d..81e542d02 100644
--- a/src/libtpmtss/tpm_tss_trousers.c
+++ b/src/libtpmtss/tpm_tss_trousers.c
@@ -584,7 +584,8 @@ err1:
METHOD(tpm_tss_t, sign, bool,
private_tpm_tss_trousers_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
{
return FALSE;
}
diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h
index 3afba0db2..3ff3e6685 100644
--- a/src/libtpmtss/tpm_tss_trousers.h
+++ b/src/libtpmtss/tpm_tss_trousers.h
@@ -47,6 +47,6 @@ struct tpm_tss_trousers_t {
/**
* Create a tpm_tss_trousers instance.
*/
-tpm_tss_t *tpm_tss_trousers_create();
+tpm_tss_t *tpm_tss_trousers_create(void);
#endif /** TPM_TSS_TROUSERS_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_tss2.h b/src/libtpmtss/tpm_tss_tss2.h
index f3a11e5fd..f2846c916 100644
--- a/src/libtpmtss/tpm_tss_tss2.h
+++ b/src/libtpmtss/tpm_tss_tss2.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,18 @@
/**
* Create a tpm_tss_tss2 instance.
*/
-tpm_tss_t *tpm_tss_tss2_create();
+tpm_tss_t *tpm_tss_tss2_create(void);
+
+/**
+ * Initialize the tpm_tss_tss2 library.
+ *
+ * @return TRUE if initialization was successful
+ */
+bool tpm_tss_tss2_init(void);
+
+/**
+ * /De-initialize the tpm_tss_tss2 library.
+ */
+void tpm_tss_tss2_deinit(void);
#endif /** TPM_TSS_TSS2_H_ @}*/
diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names_v1.c
index a613ac566..d2a4b5b57 100644
--- a/src/libtpmtss/tpm_tss_tss2_names.c
+++ b/src/libtpmtss/tpm_tss_tss2_names_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,7 @@
#include "tpm_tss_tss2_names.h"
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
#include <tpm20.h>
@@ -102,7 +102,9 @@ ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P6
);
ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256);
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
+
+#ifndef TSS_TSS2_V2
/**
* TPM 2.0 algorithm ID names
@@ -118,6 +120,8 @@ ENUM(tpm_ecc_curve_names, 0, 0,
"NONE"
);
-#endif /* TSS_TSS2 */
+#endif /* !TSS_TSS2_V2 */
+
+#endif /* TSS_TSS2_V1 */
diff --git a/src/libtpmtss/tpm_tss_tss2_names_v2.c b/src/libtpmtss/tpm_tss_tss2_names_v2.c
new file mode 100644
index 000000000..c8d29e4e6
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2_names_v2.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2018 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifdef TSS_TSS2_V2
+
+#include "tpm_tss_tss2_names.h"
+
+#include <tss2/tss2_sys.h>
+
+/**
+ * TPM 2.0 algorithm ID names
+ */
+ENUM_BEGIN(tpm_alg_id_names, TPM2_ALG_ERROR, TPM2_ALG_RSA,
+ "ERROR",
+ "RSA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SHA1, TPM2_ALG_KEYEDHASH, TPM2_ALG_RSA,
+ "SHA1",
+ "HMAC",
+ "AES",
+ "MGF1",
+ "KEYEDHASH"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_XOR, TPM2_ALG_SHA512, TPM2_ALG_KEYEDHASH,
+ "XOR",
+ "SHA256",
+ "SHA384",
+ "SHA512"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_NULL, TPM2_ALG_NULL, TPM2_ALG_SHA512,
+ "NULL"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SM3_256, TPM2_ALG_ECMQV, TPM2_ALG_NULL,
+ "SM3_256",
+ "SM4",
+ "RSASSA",
+ "RSAES",
+ "RSAPSS",
+ "OAEP",
+ "ECDSA",
+ "ECDH",
+ "SM2",
+ "ECSCHNORR",
+ "ECMQV"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_KDF1_SP800_56A, TPM2_ALG_ECC, TPM2_ALG_ECMQV,
+ "KDF1_SP800_56A",
+ "KDF2",
+ "KDF1_SP800_108",
+ "ECC"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SYMCIPHER, TPM2_ALG_CAMELLIA, TPM2_ALG_ECC,
+ "SYMCIPHER",
+ "CAMELLIA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_CTR, TPM2_ALG_ECB, TPM2_ALG_CAMELLIA,
+ "CTR",
+ "OFB",
+ "CBC",
+ "CFB",
+ "ECB"
+);
+ENUM_END(tpm_alg_id_names, TPM2_ALG_ECB);
+
+/**
+ * TPM 2.0 ECC curve names
+ */
+ENUM_BEGIN(tpm_ecc_curve_names, TPM2_ECC_NONE, TPM2_ECC_NIST_P521,
+ "NONE",
+ "NIST_P192",
+ "NIST_P224",
+ "NIST_P256",
+ "NIST_P384",
+ "NIST_P521"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_BN_P256, TPM2_ECC_BN_P638, TPM2_ECC_NIST_P521,
+ "BN_P256",
+ "BN_P638"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_SM2_P256, TPM2_ECC_SM2_P256, TPM2_ECC_BN_P638,
+ "SM2_P256"
+);
+ENUM_END(tpm_ecc_curve_names, TPM2_ECC_SM2_P256);
+
+#endif /* TSS_TSS2_V2 */
+
diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2_v1.c
index 90a16c103..9ed2798f7 100644
--- a/src/libtpmtss/tpm_tss_tss2.c
+++ b/src/libtpmtss/tpm_tss_tss2_v1.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
#include "tpm_tss_tss2.h"
#include "tpm_tss_tss2_names.h"
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
#include <asn1/asn1.h>
#include <asn1/oid.h>
@@ -24,9 +24,9 @@
#include <tpm20.h>
-#ifdef TSS2_TCTI_TABRMD
+#ifdef TSS2_TCTI_TABRMD_V1
#include <tcti/tcti-tabrmd.h>
-#endif /* TSS2_TCTI_TABRMD */
+#endif /* TSS2_TCTI_TABRMD_V1 */
#ifdef TSS2_TCTI_SOCKET
#include <tcti_socket.h>
@@ -828,10 +828,12 @@ METHOD(tpm_tss_t, quote, bool,
METHOD(tpm_tss_t, sign, bool,
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
- signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
{
key_type_t key_type;
hash_algorithm_t hash_alg;
+ rsa_pss_params_t *rsa_pss_params;
uint32_t rval;
TPM_ALG_ID alg_id;
@@ -870,8 +872,17 @@ METHOD(tpm_tss_t, sign, bool,
}
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
- key_type = key_type_from_signature_scheme(scheme);
- hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ key_type = KEY_RSA;
+ rsa_pss_params = (rsa_pss_params_t *)params;
+ hash_alg = rsa_pss_params->hash;
+ }
+ else
+ {
+ key_type = key_type_from_signature_scheme(scheme);
+ hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ }
/* Check if hash algorithm is supported by TPM */
alg_id = hash_alg_to_tpm_alg_id(hash_alg);
@@ -890,8 +901,16 @@ METHOD(tpm_tss_t, sign, bool,
if (key_type == KEY_RSA && public.t.publicArea.type == TPM_ALG_RSA)
{
- sig_scheme.scheme = TPM_ALG_RSASSA;
- sig_scheme.details.rsassa.hashAlg = alg_id;
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ sig_scheme.scheme = TPM_ALG_RSAPSS;
+ sig_scheme.details.rsapss.hashAlg = alg_id;
+ }
+ else
+ {
+ sig_scheme.scheme = TPM_ALG_RSASSA;
+ sig_scheme.details.rsassa.hashAlg = alg_id;
+ }
}
else if (key_type == KEY_ECDSA && public.t.publicArea.type == TPM_ALG_ECC)
{
@@ -983,6 +1002,12 @@ METHOD(tpm_tss_t, sign, bool,
sig.signature.rsassa.sig.t.buffer,
sig.signature.rsassa.sig.t.size));
break;
+ case SIGN_RSA_EMSA_PSS:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsapss.sig.t.buffer,
+ sig.signature.rsapss.sig.t.size));
+ break;
case SIGN_ECDSA_256:
case SIGN_ECDSA_384:
case SIGN_ECDSA_521:
@@ -1046,12 +1071,14 @@ METHOD(tpm_tss_t, get_data, bool,
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
chunk_t pin, chunk_t *data)
{
- uint16_t nv_size, nv_offset = 0;
+ uint16_t max_data_size, nv_size, nv_offset = 0;
uint32_t rval;
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMI_YES_NO more_data;
TPM2B_NAME nv_name = { { sizeof(TPM2B_NAME)-2, } };
TPM2B_NV_PUBLIC nv_public = { { 0, } };
- TPM2B_MAX_NV_BUFFER nv_data = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } };
+ TPM2B_MAX_NV_BUFFER nv_data = { { MAX_NV_BUFFER_SIZE, } };
TPMS_AUTH_COMMAND session_data_cmd;
TPMS_AUTH_RESPONSE session_data_rsp;
TSS2_SYS_CMD_AUTHS sessions_data_cmd;
@@ -1059,6 +1086,18 @@ METHOD(tpm_tss_t, get_data, bool,
TPMS_AUTH_COMMAND *session_data_cmd_array[1];
TPMS_AUTH_RESPONSE *session_data_rsp_array[1];
+ /* query maximum TPM data transmission size */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES,
+ TPM_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+ if (rval != TPM_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
+ "TPM_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
+ MAX_NV_BUFFER_SIZE);
+
/* get size of NV object */
rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
&nv_name, 0);
@@ -1093,11 +1132,11 @@ METHOD(tpm_tss_t, get_data, bool,
}
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
- /* read NV data an NV buffer block at a time */
+ /* read NV data a maximum data size block at a time */
while (nv_size > 0)
{
rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle,
- &sessions_data_cmd, min(nv_size, MAX_NV_BUFFER_SIZE),
+ &sessions_data_cmd, min(nv_size, max_data_size),
nv_offset, &nv_data, &sessions_data_rsp);
if (rval != TPM_RC_SUCCESS)
@@ -1154,7 +1193,7 @@ tpm_tss_t *tpm_tss_tss2_create()
{
available = initialize_sys_context(this);
}
- DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not ");
+ DBG1(DBG_PTS, "TPM 2.0 via TSS2 v1 %savailable", available ? "" : "not ");
if (!available)
{
@@ -1164,13 +1203,15 @@ tpm_tss_t *tpm_tss_tss2_create()
return &this->public;
}
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
-tpm_tss_t *tpm_tss_tss2_create()
+#ifndef TSS_TSS2_V2
+tpm_tss_t *tpm_tss_tss2_create(void)
{
return NULL;
}
+#endif /* !TSS_TSS2_V2 */
-#endif /* TSS_TSS2 */
+#endif /* TSS_TSS2_V1 */
diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c
new file mode 100644
index 000000000..7cb0d48a9
--- /dev/null
+++ b/src/libtpmtss/tpm_tss_tss2_v2.c
@@ -0,0 +1,1190 @@
+/*
+ * Copyright (C) 2018 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tpm_tss_tss2.h"
+#include "tpm_tss_tss2_names.h"
+
+#ifdef TSS_TSS2_V2
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <bio/bio_reader.h>
+
+#include <tss2/tss2_sys.h>
+
+#include <dlfcn.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#define LABEL "TPM 2.0 -"
+
+#define PLATFORM_PCR 24
+
+typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t;
+
+/**
+ * Private data of an tpm_tss_tss2_t object.
+ */
+struct private_tpm_tss_tss2_t {
+
+ /**
+ * Public tpm_tss_tss2_t interface.
+ */
+ tpm_tss_t public;
+
+ /**
+ * TCTI context
+ */
+ TSS2_TCTI_CONTEXT *tcti_context;
+
+ /**
+ * SYS context
+ */
+ TSS2_SYS_CONTEXT *sys_context;
+
+ /**
+ * Number of supported algorithms
+ */
+ size_t supported_algs_count;
+
+ /**
+ * List of supported algorithms
+ */
+ TPM2_ALG_ID supported_algs[TPM2_PT_ALGORITHM_SET];
+};
+
+/**
+ * Global TCTI dynamic library handle and init function
+ */
+static void *tcti_handle;
+
+static TSS2_TCTI_INIT_FUNC tcti_init;
+
+static char *tcti_opts;
+
+/**
+ * Empty AUTH_COMMAND
+ */
+static const TPMS_AUTH_COMMAND auth_cmd_empty;
+
+/**
+ * Convert hash algorithm to TPM2_ALG_ID
+ */
+static TPM2_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return TPM2_ALG_SHA1;
+ case HASH_SHA256:
+ return TPM2_ALG_SHA256;
+ case HASH_SHA384:
+ return TPM2_ALG_SHA384;
+ case HASH_SHA512:
+ return TPM2_ALG_SHA512;
+ default:
+ return TPM2_ALG_ERROR;
+ }
+}
+
+/**
+ * Convert TPM2_ALG_ID to hash algorithm
+ */
+static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM2_ALG_ID alg)
+{
+ switch (alg)
+ {
+ case TPM2_ALG_SHA1:
+ return HASH_SHA1;
+ case TPM2_ALG_SHA256:
+ return HASH_SHA256;
+ case TPM2_ALG_SHA384:
+ return HASH_SHA384;
+ case TPM2_ALG_SHA512:
+ return HASH_SHA512;
+ default:
+ return HASH_UNKNOWN;
+ }
+}
+
+/**
+ * Check if an algorithm given by its TPM2_ALG_ID is supported by the TPM
+ */
+static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM2_ALG_ID alg_id)
+{
+ int i;
+
+ if (alg_id == TPM2_ALG_ERROR)
+ {
+ return FALSE;
+ }
+
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ if (this->supported_algs[i] == alg_id)
+ {
+ return TRUE;
+ }
+ }
+
+ return FALSE;
+}
+
+/**
+ * Get a list of supported algorithms
+ */
+static bool get_algs_capability(private_tpm_tss_tss2_t *this)
+{
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMS_TAGGED_PROPERTY tp;
+ TPMI_YES_NO more_data;
+ TPM2_ALG_ID alg;
+ uint32_t rval, i, offset, revision = 0, year = 0;
+ size_t len = BUF_LEN;
+ char buf[BUF_LEN], manufacturer[5], vendor_string[17];
+ char *pos = buf;
+ int written;
+
+ /* get fixed properties */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
+ TPM2_PT_FIXED, TPM2_MAX_TPM_PROPERTIES,
+ &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_TPM_PROPERTIES: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ memset(manufacturer, '\0', sizeof(manufacturer));
+ memset(vendor_string, '\0', sizeof(vendor_string));
+
+ /* print fixed properties */
+ for (i = 0; i < cap_data.data.tpmProperties.count; i++)
+ {
+ tp = cap_data.data.tpmProperties.tpmProperty[i];
+ switch (tp.property)
+ {
+ case TPM2_PT_REVISION:
+ revision = tp.value;
+ break;
+ case TPM2_PT_YEAR:
+ year = tp.value;
+ break;
+ case TPM2_PT_MANUFACTURER:
+ htoun32(manufacturer, tp.value);
+ break;
+ case TPM2_PT_VENDOR_STRING_1:
+ case TPM2_PT_VENDOR_STRING_2:
+ case TPM2_PT_VENDOR_STRING_3:
+ case TPM2_PT_VENDOR_STRING_4:
+ offset = 4 * (tp.property - TPM2_PT_VENDOR_STRING_1);
+ htoun32(vendor_string + offset, tp.value);
+ break;
+ default:
+ break;
+ }
+ }
+ DBG2(DBG_PTS, "%s manufacturer: %s (%s) rev: %05.2f %u", LABEL, manufacturer,
+ vendor_string, (float)revision/100, year);
+
+ /* get supported algorithms */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ALGS,
+ 0, TPM2_PT_ALGORITHM_SET, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_ALGS: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* Number of supported algorithms */
+ this->supported_algs_count = cap_data.data.algorithms.count;
+
+ /* store and print supported algorithms */
+ for (i = 0; i < this->supported_algs_count; i++)
+ {
+ alg = cap_data.data.algorithms.algProperties[i].alg;
+ this->supported_algs[i] = alg;
+
+ written = snprintf(pos, len, " %N", tpm_alg_id_names, alg);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf);
+
+ /* get supported ECC curves */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ECC_CURVES,
+ 0, TPM2_PT_LOADED_CURVES, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s GetCapability failed for TPM2_ECC_CURVES: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* reset print buffer */
+ pos = buf;
+ len = BUF_LEN;
+
+ /* print supported ECC curves */
+ for (i = 0; i < cap_data.data.eccCurves.count; i++)
+ {
+ written = snprintf(pos, len, " %N", tpm_ecc_curve_names,
+ cap_data.data.eccCurves.eccCurves[i]);
+ if (written < 0 || written >= len)
+ {
+ break;
+ }
+ pos += written;
+ len -= written;
+ }
+ DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf);
+
+ return TRUE;
+}
+
+/**
+ * Initialize TSS2 TCTI context
+ */
+static bool initialize_tcti_context(private_tpm_tss_tss2_t *this)
+{
+ size_t tcti_context_size;
+ uint32_t rval;
+
+ if (!tcti_init)
+ {
+ return FALSE;
+ }
+
+ /* determine size of tcti context */
+ rval = tcti_init(NULL, &tcti_context_size, tcti_opts);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+
+ /* allocate and initialize memory for tcti context */
+ this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size);
+ memset(this->tcti_context, 0x00, tcti_context_size);
+
+ /* initialize tcti context */
+ rval = tcti_init(this->tcti_context, &tcti_context_size, tcti_opts);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Initialize TSS2 Sys context
+ */
+static bool initialize_sys_context(private_tpm_tss_tss2_t *this)
+{
+ uint32_t sys_context_size;
+ uint32_t rval;
+
+ TSS2_ABI_VERSION abi_version = {
+ .tssCreator = 1,
+ .tssFamily = 2,
+ .tssLevel = 1,
+ .tssVersion = 108
+ };
+
+ /* determine size of sys context */
+ sys_context_size = Tss2_Sys_GetContextSize(0);
+
+ /* allocate memory for sys context */
+ this->sys_context = (TSS2_SYS_CONTEXT*)malloc(sys_context_size);
+
+ /* initialize sys context */
+ rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size,
+ this->tcti_context, &abi_version);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ /* get a list of supported algorithms and ECC curves */
+ return get_algs_capability(this);
+}
+
+/**
+ * Finalize TSS context
+ */
+static void finalize_context(private_tpm_tss_tss2_t *this)
+{
+ if (this->tcti_context)
+ {
+ Tss2_Tcti_Finalize(this->tcti_context);
+ free(this->tcti_context);
+ }
+ if (this->sys_context)
+ {
+ Tss2_Sys_Finalize(this->sys_context);
+ free(this->sys_context);
+ }
+}
+
+METHOD(tpm_tss_t, get_version, tpm_version_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return TPM_VERSION_2_0;
+}
+
+METHOD(tpm_tss_t, get_version_info, chunk_t,
+ private_tpm_tss_tss2_t *this)
+{
+ return chunk_empty;
+}
+
+/**
+ * read the public key portion of a TSS 2.0 AIK key from NVRAM
+ */
+bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle,
+ TPM2B_PUBLIC *public)
+{
+ uint32_t rval;
+
+ TPM2B_NAME name = { sizeof(TPM2B_NAME)-2, };
+ TPM2B_NAME qualified_name = { sizeof(TPM2B_NAME)-2, };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+
+ /* read public key for a given object handle from TPM 2.0 NVRAM */
+ rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name,
+ &qualified_name, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x",
+ LABEL, handle, rval);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, generate_aik, bool,
+ private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob,
+ chunk_t *aik_pubkey, chunk_t *identity_req)
+{
+ return FALSE;
+}
+
+METHOD(tpm_tss_t, get_public, chunk_t,
+ private_tpm_tss_tss2_t *this, uint32_t handle)
+{
+ TPM2B_PUBLIC public = { 0, };
+ TPM2_ALG_ID sig_alg, digest_alg;
+ chunk_t aik_blob, aik_pubkey = chunk_empty;
+
+ if (!read_public(this, handle, &public))
+ {
+ return chunk_empty;
+ }
+
+ aik_blob = chunk_create((u_char*)&public, sizeof(public));
+ DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob);
+
+ /* convert TSS 2.0 AIK public key blot into PKCS#1 format */
+ switch (public.publicArea.type)
+ {
+ case TPM2_ALG_RSA:
+ {
+ TPM2B_PUBLIC_KEY_RSA *rsa;
+ TPMT_RSA_SCHEME *scheme;
+ chunk_t aik_exponent, aik_modulus;
+
+ scheme = &public.publicArea.parameters.rsaDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ rsa = &public.publicArea.unique.rsa;
+ aik_modulus = chunk_create(rsa->buffer, rsa->size);
+ aik_exponent = chunk_from_chars(0x01, 0x00, 0x01);
+
+ /* subjectPublicKeyInfo encoding of AIK RSA key */
+ if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER,
+ NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus,
+ CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END))
+ {
+ DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key "
+ "failed", LABEL);
+ return chunk_empty;
+ }
+ break;
+ }
+ case TPM2_ALG_ECC:
+ {
+ TPMS_ECC_POINT *ecc;
+ TPMT_ECC_SCHEME *scheme;
+ chunk_t ecc_point;
+ uint8_t *pos;
+
+ scheme = &public.publicArea.parameters.eccDetail.scheme;
+ sig_alg = scheme->scheme;
+ digest_alg = scheme->details.anySig.hashAlg;
+
+ ecc = &public.publicArea.unique.ecc;
+
+ /* allocate space for bit string */
+ pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING,
+ 2 + ecc->x.size + ecc->y.size);
+ /* bit string length is a multiple of octets */
+ *pos++ = 0x00;
+ /* uncompressed ECC point format */
+ *pos++ = 0x04;
+ /* copy x coordinate of ECC point */
+ memcpy(pos, ecc->x.buffer, ecc->x.size);
+ pos += ecc->x.size;
+ /* copy y coordinate of ECC point */
+ memcpy(pos, ecc->y.buffer, ecc->y.size);
+ /* subjectPublicKeyInfo encoding of AIK ECC key */
+ aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_build_known_oid(OID_EC_PUBLICKEY),
+ asn1_build_known_oid(ecc->x.size == 32 ?
+ OID_PRIME256V1 : OID_SECT384R1)),
+ ecc_point);
+ break;
+ }
+ default:
+ DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+ return chunk_empty;
+ }
+ DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash",
+ tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg);
+ return aik_pubkey;
+}
+
+/**
+ * Configure a PCR Selection assuming a maximum of 24 registers
+ */
+static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs,
+ hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel)
+{
+ TPM2_ALG_ID alg_id;
+ uint32_t pcr;
+
+ /* check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, alg);
+ return FALSE;
+ }
+
+ /* initialize the PCR Selection structure,*/
+ pcr_sel->count = 1;
+ pcr_sel->pcrSelections[0].hash = alg_id;
+ pcr_sel->pcrSelections[0].sizeofSelect = 3;
+ pcr_sel->pcrSelections[0].pcrSelect[0] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[1] = 0;
+ pcr_sel->pcrSelections[0].pcrSelect[2] = 0;
+
+ /* set the selected PCRs */
+ for (pcr = 0; pcr < PLATFORM_PCR; pcr++)
+ {
+ if (pcrs & (1 << pcr))
+ {
+ pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) );
+ }
+ }
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, read_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ hash_algorithm_t alg)
+{
+ TPML_PCR_SELECTION pcr_selection;
+ TPML_DIGEST pcr_values;
+
+ uint32_t pcr_update_counter, rval;
+ uint8_t *pcr_value_ptr;
+ size_t pcr_value_len;
+
+ if (pcr_num >= PLATFORM_PCR)
+ {
+ DBG1(DBG_PTS, "%s maximum number of supported PCR is %d",
+ LABEL, PLATFORM_PCR);
+ return FALSE;
+ }
+
+ if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ /* initialize the PCR Digest structure */
+ memset(&pcr_values, 0, sizeof(TPML_DIGEST));
+
+ /* read the PCR value */
+ rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection,
+ &pcr_update_counter, &pcr_selection, &pcr_values, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x",
+ LABEL, rval);
+ return FALSE;
+ }
+ pcr_value_ptr = (uint8_t *)pcr_values.digests[0].buffer;
+ pcr_value_len = (size_t) pcr_values.digests[0].size;
+
+ *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len));
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, extend_pcr, bool,
+ private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value,
+ chunk_t data, hash_algorithm_t alg)
+{
+ uint32_t rval;
+ TPM2_ALG_ID alg_id;
+ TPML_DIGEST_VALUES digest_values;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ auth_cmd.auths[0].sessionHandle = TPM2_RS_PW;
+
+ /* check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, alg);
+ return FALSE;
+ }
+
+ digest_values.count = 1;
+ digest_values.digests[0].hashAlg = alg_id;
+
+ switch (alg)
+ {
+ case HASH_SHA1:
+ if (data.len != HASH_SIZE_SHA1)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha1, data.ptr,
+ HASH_SIZE_SHA1);
+ break;
+ case HASH_SHA256:
+ if (data.len != HASH_SIZE_SHA256)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha256, data.ptr,
+ HASH_SIZE_SHA256);
+ break;
+ case HASH_SHA384:
+ if (data.len != HASH_SIZE_SHA384)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha384, data.ptr,
+ HASH_SIZE_SHA384);
+ break;
+ case HASH_SHA512:
+ if (data.len != HASH_SIZE_SHA512)
+ {
+ return FALSE;
+ }
+ memcpy(digest_values.digests[0].digest.sha512, data.ptr,
+ HASH_SIZE_SHA512);
+ break;
+ default:
+ return FALSE;
+ }
+
+ /* extend PCR */
+ rval = Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &auth_cmd,
+ &digest_values, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x",
+ LABEL, pcr_num, rval);
+ return FALSE;
+ }
+
+ /* get updated PCR value */
+ return read_pcr(this, pcr_num, pcr_value, alg);
+}
+
+METHOD(tpm_tss_t, quote, bool,
+ private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel,
+ hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode,
+ tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig)
+{
+ chunk_t quoted_chunk, qualified_signer, extra_data, clock_info,
+ firmware_version, pcr_select, pcr_digest;
+ hash_algorithm_t pcr_digest_alg;
+ bio_reader_t *reader;
+ uint32_t rval;
+
+ TPM2B_DATA qualifying_data;
+ TPML_PCR_SELECTION pcr_selection;
+ TPM2B_ATTEST quoted = { sizeof(TPM2B_ATTEST)-2, };
+ TPMT_SIG_SCHEME scheme;
+ TPMT_SIGNATURE sig;
+ TPMI_ALG_HASH hash_alg;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ auth_cmd.auths[0].sessionHandle = TPM2_RS_PW;
+
+ qualifying_data.size = data.len;
+ memcpy(qualifying_data.buffer, data.ptr, data.len);
+
+ scheme.scheme = TPM2_ALG_NULL;
+ memset(&sig, 0x00, sizeof(sig));
+
+ /* set Quote mode */
+ *quote_mode = TPM_QUOTE_TPM2;
+
+ if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection))
+ {
+ return FALSE;
+ }
+
+ rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &auth_cmd,
+ &qualifying_data, &scheme, &pcr_selection, &quoted,
+ &sig, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ quoted_chunk = chunk_create(quoted.attestationData, quoted.size);
+
+ reader = bio_reader_create(chunk_skip(quoted_chunk, 6));
+ if (!reader->read_data16(reader, &qualified_signer) ||
+ !reader->read_data16(reader, &extra_data) ||
+ !reader->read_data (reader, 17, &clock_info) ||
+ !reader->read_data (reader, 8, &firmware_version) ||
+ !reader->read_data (reader, 10, &pcr_select) ||
+ !reader->read_data16(reader, &pcr_digest))
+ {
+ DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL);
+ reader->destroy(reader);
+ return FALSE;
+ }
+ reader->destroy(reader);
+
+ DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest);
+ DBG2(DBG_PTS, "TPM Quote Info: %B", &quoted_chunk);
+ DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer);
+ DBG2(DBG_PTS, "extraData: %B", &extra_data);
+ DBG2(DBG_PTS, "clockInfo: %B", &clock_info);
+ DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version);
+ DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select);
+
+ /* extract signature */
+ switch (sig.sigAlg)
+ {
+ case TPM2_ALG_RSASSA:
+ case TPM2_ALG_RSAPSS:
+ *quote_sig = chunk_clone(
+ chunk_create(
+ sig.signature.rsassa.sig.buffer,
+ sig.signature.rsassa.sig.size));
+ hash_alg = sig.signature.rsassa.hash;
+ break;
+ case TPM2_ALG_ECDSA:
+ case TPM2_ALG_ECDAA:
+ case TPM2_ALG_SM2:
+ case TPM2_ALG_ECSCHNORR:
+ *quote_sig = chunk_cat("cc",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size),
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size));
+ hash_alg = sig.signature.ecdsa.hash;
+ break;
+ default:
+ DBG1(DBG_PTS, "%s unsupported %N signature algorithm",
+ LABEL, tpm_alg_id_names, sig.sigAlg);
+ return FALSE;
+ };
+
+ DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg);
+ pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg);
+
+ DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig);
+
+ /* Create and initialize Quote Info object */
+ *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg,
+ pcr_digest);
+ (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info,
+ pcr_select);
+ (*quote_info)->set_version_info(*quote_info, firmware_version);
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, sign, bool,
+ private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
+ signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
+ chunk_t *signature)
+{
+ key_type_t key_type;
+ hash_algorithm_t hash_alg;
+ rsa_pss_params_t *rsa_pss_params;
+ uint32_t rval;
+
+ TPM2_ALG_ID alg_id;
+ TPM2B_MAX_BUFFER buffer;
+ TPM2B_DIGEST hash = { sizeof(TPM2B_DIGEST)-2, };
+ TPMT_TK_HASHCHECK validation;
+ TPM2B_PUBLIC public = { 0, };
+ TPMT_SIG_SCHEME sig_scheme;
+ TPMT_SIGNATURE sig;
+ TPMS_AUTH_COMMAND *cmd;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ cmd = &auth_cmd.auths[0];
+ cmd->sessionHandle = TPM2_RS_PW;
+
+ if (pin.len > 0)
+ {
+ cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len);
+ memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size);
+ }
+
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ key_type = KEY_RSA;
+ rsa_pss_params = (rsa_pss_params_t *)params;
+ hash_alg = rsa_pss_params->hash;
+ }
+ else
+ {
+ key_type = key_type_from_signature_scheme(scheme);
+ hash_alg = hasher_from_signature_scheme(scheme, NULL);
+ }
+
+ /* Check if hash algorithm is supported by TPM */
+ alg_id = hash_alg_to_tpm_alg_id(hash_alg);
+ if (!is_supported_alg(this, alg_id))
+ {
+ DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM",
+ LABEL, hash_algorithm_short_names, hash_alg);
+ return FALSE;
+ }
+
+ /* Get public key */
+ if (!read_public(this, handle, &public))
+ {
+ return FALSE;
+ }
+
+ if (key_type == KEY_RSA && public.publicArea.type == TPM2_ALG_RSA)
+ {
+ if (scheme == SIGN_RSA_EMSA_PSS)
+ {
+ sig_scheme.scheme = TPM2_ALG_RSAPSS;
+ sig_scheme.details.rsapss.hashAlg = alg_id;
+ }
+ else
+ {
+ sig_scheme.scheme = TPM2_ALG_RSASSA;
+ sig_scheme.details.rsassa.hashAlg = alg_id;
+ }
+ }
+ else if (key_type == KEY_ECDSA && public.publicArea.type == TPM2_ALG_ECC)
+ {
+ sig_scheme.scheme = TPM2_ALG_ECDSA;
+ sig_scheme.details.ecdsa.hashAlg = alg_id;
+
+ }
+ else
+ {
+ DBG1(DBG_PTS, "%s signature scheme %N not supported by TPM key",
+ LABEL, signature_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (data.len <= TPM2_MAX_DIGEST_BUFFER)
+ {
+ memcpy(buffer.buffer, data.ptr, data.len);
+ buffer.size = data.len;
+
+ rval = Tss2_Sys_Hash(this->sys_context, 0, &buffer, alg_id, hierarchy,
+ &hash, &validation, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Hash failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ }
+ else
+ {
+ TPMI_DH_OBJECT sequence_handle;
+ TPM2B_AUTH null_auth;
+
+ null_auth.size = 0;
+ rval = Tss2_Sys_HashSequenceStart(this->sys_context, 0, &null_auth,
+ alg_id, &sequence_handle, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_HashSequenceStart failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+
+ while (data.len > 0)
+ {
+ buffer.size = min(data.len, TPM2_MAX_DIGEST_BUFFER);
+ memcpy(buffer.buffer, data.ptr, buffer.size);
+ data.ptr += buffer.size;
+ data.len -= buffer.size;
+
+ rval = Tss2_Sys_SequenceUpdate(this->sys_context, sequence_handle,
+ &auth_cmd, &buffer, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_SequenceUpdate failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ }
+ buffer.size = 0;
+
+ rval = Tss2_Sys_SequenceComplete(this->sys_context, sequence_handle,
+ &auth_cmd, &buffer, hierarchy,
+ &hash, &validation, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_SequenceComplete failed: 0x%06x",
+ LABEL, rval);
+ return FALSE;
+ }
+ }
+
+ rval = Tss2_Sys_Sign(this->sys_context, handle, &auth_cmd, &hash,
+ &sig_scheme, &validation, &sig, &auth_rsp);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_Sign failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+
+ /* extract signature */
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsassa.sig.buffer,
+ sig.signature.rsassa.sig.size));
+ break;
+ case SIGN_RSA_EMSA_PSS:
+ *signature = chunk_clone(
+ chunk_create(
+ sig.signature.rsapss.sig.buffer,
+ sig.signature.rsapss.sig.size));
+ break;
+ case SIGN_ECDSA_256:
+ case SIGN_ECDSA_384:
+ case SIGN_ECDSA_521:
+ *signature = chunk_cat("cc",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size),
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size));
+ break;
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ *signature = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_integer("c",
+ chunk_create(
+ sig.signature.ecdsa.signatureR.buffer,
+ sig.signature.ecdsa.signatureR.size)),
+ asn1_integer("c",
+ chunk_create(
+ sig.signature.ecdsa.signatureS.buffer,
+ sig.signature.ecdsa.signatureS.size)));
+ break;
+ default:
+ DBG1(DBG_PTS, "%s unsupported %N signature scheme",
+ LABEL, signature_scheme_names, scheme);
+ return FALSE;
+ };
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, get_random, bool,
+ private_tpm_tss_tss2_t *this, size_t bytes, uint8_t *buffer)
+{
+ size_t len, random_len= sizeof(TPM2B_DIGEST)-2;
+ TPM2B_DIGEST random = { random_len, };
+ uint8_t *pos = buffer;
+ uint32_t rval;
+
+ while (bytes > 0)
+ {
+ len = min(bytes, random_len);
+
+ rval = Tss2_Sys_GetRandom(this->sys_context, NULL, len, &random, NULL);
+ if (rval != TSS2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetRandom failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ memcpy(pos, random.buffer, random.size);
+ pos += random.size;
+ bytes -= random.size;
+ }
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, get_data, bool,
+ private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
+ chunk_t pin, chunk_t *data)
+{
+ uint16_t max_data_size, nv_size, nv_offset = 0;
+ uint32_t rval;
+
+ TPMS_CAPABILITY_DATA cap_data;
+ TPMI_YES_NO more_data;
+ TPM2B_NAME nv_name = { sizeof(TPM2B_NAME)-2, };
+ TPM2B_NV_PUBLIC nv_public = { 0, };
+ TPM2B_MAX_NV_BUFFER nv_data = { TPM2_MAX_NV_BUFFER_SIZE, };
+ TPMS_AUTH_COMMAND *cmd;
+ TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } };
+ TSS2L_SYS_AUTH_RESPONSE auth_rsp;
+
+ /* query maximum TPM data transmission size */
+ rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES,
+ TPM2_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for "
+ "TPM2_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
+ TPM2_MAX_NV_BUFFER_SIZE);
+
+ /* get size of NV object */
+ rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public,
+ &nv_name, 0);
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval);
+ return FALSE;
+ }
+ nv_size = nv_public.nvPublic.dataSize;
+ *data = chunk_alloc(nv_size);
+
+ /* prepare NV read session */
+ cmd = &auth_cmd.auths[0];
+ cmd->sessionHandle = TPM2_RS_PW;
+
+ if (pin.len > 0)
+ {
+ cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len);
+ memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size);
+ }
+
+ /* read NV data a maximum data size block at a time */
+ while (nv_size > 0)
+ {
+ rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, &auth_cmd,
+ min(nv_size, max_data_size), nv_offset, &nv_data, &auth_rsp);
+
+ if (rval != TPM2_RC_SUCCESS)
+ {
+ DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval);
+ chunk_free(data);
+ return FALSE;
+ }
+ memcpy(data->ptr + nv_offset, nv_data.buffer, nv_data.size);
+ nv_offset += nv_data.size;
+ nv_size -= nv_data.size;
+ }
+
+ return TRUE;
+}
+
+METHOD(tpm_tss_t, destroy, void,
+ private_tpm_tss_tss2_t *this)
+{
+ finalize_context(this);
+ free(this);
+}
+
+/**
+ * See header
+ */
+tpm_tss_t *tpm_tss_tss2_create()
+{
+ private_tpm_tss_tss2_t *this;
+ bool available;
+
+ INIT(this,
+ .public = {
+ .get_version = _get_version,
+ .get_version_info = _get_version_info,
+ .generate_aik = _generate_aik,
+ .get_public = _get_public,
+ .read_pcr = _read_pcr,
+ .extend_pcr = _extend_pcr,
+ .quote = _quote,
+ .sign = _sign,
+ .get_random = _get_random,
+ .get_data = _get_data,
+ .destroy = _destroy,
+ },
+ );
+
+ available = initialize_tcti_context(this);
+ if (available)
+ {
+ available = initialize_sys_context(this);
+ }
+ DBG1(DBG_PTS, "TPM 2.0 via TSS2 v2 %savailable", available ? "" : "not ");
+
+ if (!available)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+bool tpm_tss_tss2_init(void)
+{
+ TSS2_TCTI_INFO_FUNC infofn;
+ const TSS2_TCTI_INFO *info;
+ char tcti_lib_format[] = "libtss2-tcti-%s.so.0";
+ char tcti_lib[BUF_LEN];
+ char *tcti_names[] = { "device", "tabrmd", "mssim" };
+ char *tcti_options[] = { "/dev/tpmrm0", "", "" };
+ char *tcti_name;
+ bool match = FALSE;
+ struct stat st;
+ int i = 0;
+
+ /* check for the existence of an in-kernel TPM resource manager */
+ if (stat(tcti_options[i], &st))
+ {
+ i = 1;
+ }
+ DBG2(DBG_PTS, "%s \"%s\" in-kernel resource manager is %spresent",
+ LABEL, tcti_options[0], i ? "not " : "");
+
+ /* select a dynamic TCTI library (device, tabrmd or mssim) */
+ tcti_name = lib->settings->get_str(lib->settings,
+ "%s.plugins.tpm.tcti.name", tcti_names[i], lib->ns);
+ snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name);
+
+ for (i = 0; i < countof(tcti_names); i++)
+ {
+ if (streq(tcti_name, tcti_names[i]))
+ {
+ match = TRUE;
+ break;
+ }
+ }
+ if (!match)
+ {
+ DBG1(DBG_PTS, "%s \"%s\" is not a valid TCTI library name",
+ LABEL, tcti_lib);
+ return FALSE;
+ }
+
+ tcti_opts = lib->settings->get_str(lib->settings,
+ "%s.plugins.tpm.tcti.opts", tcti_options[i], lib->ns);
+
+ /* open the selected dynamic TCTI library */
+ tcti_handle = dlopen(tcti_lib, RTLD_LAZY);
+ if (!tcti_handle)
+ {
+ DBG1(DBG_PTS, "%s could not load \"%s\"", LABEL, tcti_lib);
+ return FALSE;
+ }
+
+ infofn = (TSS2_TCTI_INFO_FUNC)dlsym(tcti_handle, TSS2_TCTI_INFO_SYMBOL);
+ if (!infofn)
+ {
+ DBG1(DBG_PTS, "%s symbol \"%s\" not found in \"%s\"", LABEL,
+ TSS2_TCTI_INFO_SYMBOL, tcti_lib);
+ tpm_tss_tss2_deinit();
+
+ return FALSE;
+ }
+ DBG2(DBG_PTS, "%s \"%s\" successfully loaded", LABEL, tcti_lib);
+ info = infofn();
+ tcti_init = info->init;
+
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+void tpm_tss_tss2_deinit(void)
+{
+ dlclose(tcti_handle);
+ tcti_handle = NULL;
+ tcti_init = NULL;
+ tcti_opts = NULL;
+}
+
+#else /* TSS_TSS2_V2 */
+
+/**
+ * See header
+ */
+bool tpm_tss_tss2_init(void)
+{
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+void tpm_tss_tss2_deinit(void)
+{
+ /* empty */
+}
+
+#endif /* TSS_TSS2_V2 */
+
diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in
index c8450d27f..534e2046c 100644
--- a/src/manager/Makefile.in
+++ b/src/manager/Makefile.in
@@ -329,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -355,6 +354,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -375,8 +376,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -431,8 +430,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -461,8 +458,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/manager/main.c b/src/manager/main.c
index 1ba8b1e04..dbde1c098 100644
--- a/src/manager/main.c
+++ b/src/manager/main.c
@@ -50,7 +50,7 @@ int main (int arc, char *argv[])
{
DBG1(DBG_LIB, "database URI undefined, set manager.database "
"in strongswan.conf");
- //return 1;
+ return 1;
}
storage = storage_create(database);
diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in
index 02b5607b1..ea5da2f98 100644
--- a/src/medsrv/Makefile.in
+++ b/src/medsrv/Makefile.in
@@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -344,6 +343,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -364,8 +365,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -420,8 +419,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -450,8 +447,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in
index 8b369b38d..bdc792ec2 100644
--- a/src/pki/Makefile.in
+++ b/src/pki/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 50f939687..ca208a5cf 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -124,7 +124,7 @@ static int sign_crl()
char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL;
char *basecrl = NULL;
char serial[512], *keyid = NULL;
- int serial_len = 0;
+ int serial_len;
crl_reason_t reason = CRL_REASON_UNSPECIFIED;
time_t thisUpdate, nextUpdate, date = time(NULL);
time_t lifetime = 15 * 24 * 60 * 60;
@@ -204,7 +204,6 @@ static int sign_crl()
}
add_revoked(list, chunk_create(serial, serial_len), reason, date);
date = time(NULL);
- serial_len = 0;
reason = CRL_REASON_UNSPECIFIED;
continue;
case 's':
@@ -222,7 +221,6 @@ static int sign_crl()
serial_len = chunk.len;
add_revoked(list, chunk_create(serial, serial_len), reason, date);
date = time(NULL);
- serial_len = 0;
reason = CRL_REASON_UNSPECIFIED;
continue;
}
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in
index 533dfcab1..ce9273439 100644
--- a/src/pki/man/Makefile.in
+++ b/src/pki/man/Makefile.in
@@ -268,7 +268,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -294,6 +293,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -314,8 +315,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -370,8 +369,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -400,8 +397,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in
index e6815434f..cd207bb38 100644
--- a/src/pool/Makefile.in
+++ b/src/pool/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in
index 1bab5804f..2fb49b4ef 100644
--- a/src/pt-tls-client/Makefile.in
+++ b/src/pt-tls-client/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in
index 1d5e53241..c0fd915d6 100644
--- a/src/scepclient/Makefile.in
+++ b/src/scepclient/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/scepclient/scepclient.8 b/src/scepclient/scepclient.8
index 126736485..78ce5c628 100644
--- a/src/scepclient/scepclient.8
+++ b/src/scepclient/scepclient.8
@@ -1,7 +1,7 @@
.\"
.TH "IPSEC_SCEPCLIENT" "8" "2012-05-11" "strongSwan" ""
.SH "NAME"
-ipsec_scepclient \- Client for the SCEP protocol
+ipsec scepclient \- Client for the SCEP protocol
.SH "SYNOPSIS"
.B ipsec scepclient [argument ...]
.sp
diff --git a/src/sec-updater/Makefile.in b/src/sec-updater/Makefile.in
index a434b9d34..b66aab7b9 100644
--- a/src/sec-updater/Makefile.in
+++ b/src/sec-updater/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 80fd2c68d..d871a8bcc 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -381,6 +380,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -401,8 +402,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -457,8 +456,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/starter/confread.c b/src/starter/confread.c
index 345d0b60b..407ef5e13 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -444,7 +444,7 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key,
KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS)
break;
case KW_MARK:
- if (!mark_from_string(value, &conn->mark_in))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in))
{
cfg->err++;
break;
@@ -452,13 +452,13 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key,
conn->mark_out = conn->mark_in;
break;
case KW_MARK_IN:
- if (!mark_from_string(value, &conn->mark_in))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in))
{
cfg->err++;
}
break;
case KW_MARK_OUT:
- if (!mark_from_string(value, &conn->mark_out))
+ if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_out))
{
cfg->err++;
}
diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c
index d19cee08a..ff7c75bb7 100644
--- a/src/starter/parser/lexer.c
+++ b/src/starter/parser/lexer.c
@@ -657,7 +657,7 @@ bool conf_parser_open_next_file(parser_helper_t *ctx);
static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
#define YY_NO_INPUT 1
/* don't use global variables, and interact properly with bison */
/* maintain the line number */
diff --git a/src/starter/parser/lexer.l b/src/starter/parser/lexer.l
index e10fd1b38..fb23a0f93 100644
--- a/src/starter/parser/lexer.l
+++ b/src/starter/parser/lexer.l
@@ -30,7 +30,7 @@ static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
diff --git a/src/starter/starter.c b/src/starter/starter.c
index 8ca1af29c..5038429bd 100644
--- a/src/starter/starter.c
+++ b/src/starter/starter.c
@@ -650,6 +650,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_RELOAD)
{
+ _action_ &= ~FLAG_ACTION_RELOAD;
if (starter_charon_pid())
{
for (conn = cfg->conn_first; conn; conn = conn->next)
@@ -679,7 +680,6 @@ int main (int argc, char **argv)
}
}
}
- _action_ &= ~FLAG_ACTION_RELOAD;
}
/*
@@ -687,6 +687,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_UPDATE)
{
+ _action_ &= ~FLAG_ACTION_UPDATE;
DBG2(DBG_APP, "Reloading config...");
new_cfg = confread_load(config_file);
@@ -767,7 +768,6 @@ int main (int argc, char **argv)
confread_free(new_cfg);
}
}
- _action_ &= ~FLAG_ACTION_UPDATE;
last_reload = time_monotonic(NULL);
}
@@ -776,6 +776,7 @@ int main (int argc, char **argv)
*/
if (_action_ & FLAG_ACTION_START_CHARON)
{
+ _action_ &= ~FLAG_ACTION_START_CHARON;
if (!starter_charon_pid())
{
DBG2(DBG_APP, "Attempting to start %s...", daemon_name);
@@ -786,7 +787,6 @@ int main (int argc, char **argv)
}
starter_stroke_configure(cfg);
}
- _action_ &= ~FLAG_ACTION_START_CHARON;
for (ca = cfg->ca_first; ca; ca = ca->next)
{
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index ce0c7b43c..115c7262d 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -333,6 +332,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -353,8 +354,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -409,8 +408,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -439,8 +436,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in
index be31bc581..1c15bd305 100644
--- a/src/stroke/Makefile.in
+++ b/src/stroke/Makefile.in
@@ -281,7 +281,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -307,6 +306,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -327,8 +328,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -383,8 +382,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -413,8 +410,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in
index 28169508a..2bd25a8b0 100644
--- a/src/sw-collector/Makefile.in
+++ b/src/sw-collector/Makefile.in
@@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -344,6 +343,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -364,8 +365,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -420,8 +419,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -450,8 +447,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in
index ea7130bbb..c746573f8 100644
--- a/src/swanctl/Makefile.in
+++ b/src/swanctl/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/swanctl/commands/counters.c b/src/swanctl/commands/counters.c
index ab386b5d8..909ca4366 100644
--- a/src/swanctl/commands/counters.c
+++ b/src/swanctl/commands/counters.c
@@ -48,7 +48,7 @@ static int counters(vici_conn_t *conn)
vici_res_t *res;
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *name = NULL;
- int ret;
+ int ret = 0;
bool all = FALSE, reset = FALSE;
while (TRUE)
@@ -131,7 +131,7 @@ static int counters(vici_conn_t *conn)
}
}
vici_free_res(res);
- return 0;
+ return ret;
}
/**
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 8e452a6f6..bf8d2cd79 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -131,7 +131,7 @@ static void __attribute__ ((constructor))reg()
{"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
- {"child", 'c', 1, "initate a CHILD_SA configuration"},
+ {"child", 'c', 1, "initiate a CHILD_SA configuration"},
{"ike", 'i', 1, "name of the connection to which the child belongs"},
{"timeout", 't', 1, "timeout in seconds before detaching"},
{"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index f692e9966..5f7dd8189 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,7 +2,7 @@
* Copyright (C) 2014 Martin Willi
* Copyright (C) 2014 revosec AG
*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -199,6 +199,10 @@ CALLBACK(conn_sn, int,
{
printf(" groups: %s\n", auth->get(auth, "groups"));
}
+ if (auth->get(auth, "cert_policy"))
+ {
+ printf(" cert policy: %s\n", auth->get(auth, "cert_policy"));
+ }
if (auth->get(auth, "certs"))
{
printf(" certs: %s\n", auth->get(auth, "certs"));
@@ -234,7 +238,7 @@ CALLBACK(conns, int,
void *null, vici_res_t *res, char *name)
{
int ret;
- char *version, *reauth_time, *rekey_time, *dpd_delay;
+ char *version, *reauth_time, *rekey_time, *dpd_delay, *ppk_id, *ppk_req;
hashtable_t *ike;
version = vici_find_str(res, "", "%s.version", name);
@@ -278,6 +282,14 @@ CALLBACK(conns, int,
}
printf("\n");
+ ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
+ ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
+ if (ppk_id || ppk_req)
+ {
+ printf(" ppk: %s%s%srequired\n", ppk_id ?: "", ppk_id ? ", " : "",
+ !ppk_req || !streq(ppk_req, "yes") ? "not " : "");
+ }
+
ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
free_hashtable(ike);
return ret;
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 28602fc65..232f03cc2 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -266,6 +266,10 @@ CALLBACK(ike_sa, int,
}
printf("/%s", ike->get(ike, "prf-alg"));
printf("/%s", ike->get(ike, "dh-group"));
+ if (streq(ike->get(ike, "ppk"), "yes"))
+ {
+ printf("/PPK");
+ }
printf("\n");
}
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
index 0010ce140..26f043a6a 100644
--- a/src/swanctl/commands/load_all.c
+++ b/src/swanctl/commands/load_all.c
@@ -31,8 +31,8 @@ static int load_all(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
+ char *arg, *file = SWANCTL_CONF;
int ret = 0;
- char *arg;
while (TRUE)
{
@@ -52,6 +52,9 @@ static int load_all(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -60,10 +63,10 @@ static int load_all(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -104,6 +107,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index d82c0f98e..61682a386 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -325,6 +325,9 @@ static int load_authorities(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -333,10 +336,10 @@ static int load_authorities(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -360,6 +363,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 0518ef54f..dad03945d 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -425,7 +425,7 @@ static int load_conns(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -440,6 +440,9 @@ static int load_conns(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -448,10 +451,10 @@ static int load_conns(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -474,6 +477,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 15ef2f151..a9e352f7e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -665,6 +665,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
"xauth",
"ntlm",
"ike",
+ "ppk",
"private",
"rsa",
"ecdsa",
@@ -688,7 +689,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
return FALSE;
}
if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
- !streq(type, "ike"))
+ !streq(type, "ike") && !streq(type, "ppk"))
{ /* skip non-shared secrets */
return TRUE;
}
@@ -945,7 +946,7 @@ static int load_creds(vici_conn_t *conn)
bool clear = FALSE, noprompt = FALSE;
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -966,6 +967,9 @@ static int load_creds(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -974,10 +978,10 @@ static int load_creds(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -1002,6 +1006,7 @@ static void __attribute__ ((constructor))reg()
{"noprompt", 'n', 0, "do not prompt for passwords"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index feb8d3a52..ec9508efb 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
{
command_format_options_t format = COMMAND_FORMAT_NONE;
settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
int ret;
while (TRUE)
@@ -266,6 +266,9 @@ static int load_pools(vici_conn_t *conn)
case 'r':
format |= COMMAND_FORMAT_RAW;
continue;
+ case 'f':
+ file = arg;
+ continue;
case EOF:
break;
default:
@@ -274,10 +277,10 @@ static int load_pools(vici_conn_t *conn)
break;
}
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
if (!cfg)
{
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
return EINVAL;
}
@@ -300,6 +303,7 @@ static void __attribute__ ((constructor))reg()
{"help", 'h', 0, "show usage information"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
}
});
}
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
index 47a313657..f44ecaa3c 100644
--- a/src/swanctl/commands/rekey.c
+++ b/src/swanctl/commands/rekey.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@ static int rekey(vici_conn_t *conn)
command_format_options_t format = COMMAND_FORMAT_NONE;
char *arg, *child = NULL, *ike = NULL;
int ret = 0, child_id = 0, ike_id = 0;
+ bool reauth = FALSE;
while (TRUE)
{
@@ -49,6 +50,9 @@ static int rekey(vici_conn_t *conn)
case 'I':
ike_id = atoi(arg);
continue;
+ case 'a':
+ reauth = TRUE;
+ continue;
case EOF:
break;
default:
@@ -74,6 +78,10 @@ static int rekey(vici_conn_t *conn)
{
vici_add_key_valuef(req, "ike-id", "%d", ike_id);
}
+ if (reauth)
+ {
+ vici_add_key_valuef(req, "reauth", "yes");
+ }
res = vici_submit(req, conn);
if (!res)
{
@@ -111,13 +119,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
rekey, 'R', "rekey", "rekey an SA",
{"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
- "[--raw|--pretty]"},
+ "[--reauth] [--raw|--pretty]"},
{
{"help", 'h', 0, "show usage information"},
{"child", 'c', 1, "rekey by CHILD_SA name"},
{"ike", 'i', 1, "rekey by IKE_SA name"},
{"child-id", 'C', 1, "rekey by CHILD_SA unique identifier"},
{"ike-id", 'I', 1, "rekey by IKE_SA unique identifier"},
+ {"reauth", 'a', 0, "reauthenticate instead of rekey an IKEv2 SA"},
{"raw", 'r', 0, "dump raw response message"},
{"pretty", 'P', 0, "dump raw response message in pretty print"},
}
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 9b87a963a..c50f20dc6 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -56,6 +56,13 @@
# Send certificate payloads (always, never or ifasked).
# send_cert = ifasked
+ # String identifying the Postquantum Preshared Key (PPK) to be used.
+ # ppk_id =
+
+ # Whether a Postquantum Preshared Key (PPK) is required for this
+ # connection.
+ # ppk_required = no
+
# Number of retransmission sequences to perform during initial connect.
# keyingtries = 1
@@ -311,6 +318,14 @@
# Netfilter mark and mask for output traffic.
# mark_out = 0/0x00000000
+ # Netfilter mark applied to packets after the inbound IPsec SA
+ # processed them.
+ # set_mark_in = 0/0x00000000
+
+ # Netfilter mark applied to packets after the outbound IPsec SA
+ # processed them.
+ # set_mark_out = 0/0x00000000
+
# Traffic Flow Confidentiality padding.
# tfc_padding = 0
@@ -321,6 +336,18 @@
# IPsec implementation.
# hw_offload = no
+ # Whether to copy the DF bit to the outer IPv4 header in tunnel
+ # mode.
+ # copy_df = yes
+
+ # Whether to copy the ECN header field to/from the outer IP
+ # header in tunnel mode.
+ # copy_ecn = yes
+
+ # Whether to copy the DSCP header field to/from the outer IP
+ # header in tunnel mode.
+ # copy_dscp = out
+
# Action to perform after loading the configuration (none, trap,
# start).
# start_action = none
@@ -379,6 +406,17 @@
# }
+ # Postquantum Preshared Key (PPK) section for a specific secret.
+ # ppk<suffix> {
+
+ # Value of the PPK.
+ # secret =
+
+ # PPK identity the PPK belongs to.
+ # id<suffix> =
+
+ # }
+
# Private key decryption passphrase for a key in the private folder.
# private<suffix> {
diff --git a/src/swanctl/swanctl.conf.5.head.in b/src/swanctl/swanctl.conf.5.head.in
index 5742d2593..a14225df0 100644
--- a/src/swanctl/swanctl.conf.5.head.in
+++ b/src/swanctl/swanctl.conf.5.head.in
@@ -6,8 +6,8 @@ swanctl.conf is the configuration file used by the
.BR swanctl (8)
tool to load configurations and credentials into the strongSwan IKE daemon.
-For a description of the basic file syntax, including how to split the
-configuration in multiple files by including other files, refer to
+For a description of the basic file syntax, including how to reference sections
+or split the configuration in multiple files by including other files, refer to
.BR strongswan.conf (5).
.SH TIME FORMATS
diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main
index 1f7e3a2cc..1f8900959 100644
--- a/src/swanctl/swanctl.conf.5.main
+++ b/src/swanctl/swanctl.conf.5.main
@@ -217,6 +217,14 @@ causes certificate payloads to be sent unconditionally
whenever certificate authentication is used.
.TP
+.BR connections.<conn>.ppk_id " []"
+String identifying the Postquantum Preshared Key (PPK) to be used.
+
+.TP
+.BR connections.<conn>.ppk_required " [no]"
+Whether a Postquantum Preshared Key (PPK) is required for this connection.
+
+.TP
.BR connections.<conn>.keyingtries " [1]"
Number of retransmission sequences to perform during initial connect. Instead of
giving up initiation after the first retransmission sequence with the default
@@ -1127,6 +1135,52 @@ The default
mask if omitted is 0xffffffff.
.TP
+.BR connections.<conn>.children.<child>.set_mark_in " [0/0x00000000]"
+Netfilter mark applied to packets after the inbound IPsec SA processed them.
+This way it's not necessary to mark packets via Netfilter before decryption or
+right afterwards to match policies or process them differently (e.g. via policy
+routing).
+
+An additional mask may be appended to the mark, separated by
+.RI "" "/" "."
+The default
+mask if omitted is 0xffffffff. The special value
+.RI "" "%same" ""
+uses the value (but not
+the mask) from
+.RB "" "mark_in" ""
+as mark value, which can be fixed,
+.RI "" "%unique" ""
+or
+.RI "" "%unique\-dir" "."
+
+
+Setting marks in XFRM input requires Linux 4.19 or higher.
+
+.TP
+.BR connections.<conn>.children.<child>.set_mark_out " [0/0x00000000]"
+Netfilter mark applied to packets after the outbound IPsec SA processed them.
+This allows processing ESP packets differently than the original traffic (e.g.
+via policy routing).
+
+An additional mask may be appended to the mark, separated by
+.RI "" "/" "."
+The default
+mask if omitted is 0xffffffff. The special value
+.RI "" "%same" ""
+uses the value (but not
+the mask) from
+.RB "" "mark_out" ""
+as mark value, which can be fixed,
+.RI "" "%unique" ""
+or
+.RI "" "%unique\-dir" "."
+
+
+Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+requires at least Linux 4.19.
+
+.TP
.BR connections.<conn>.children.<child>.tfc_padding " [0]"
Pads ESP packets with additional data to have a consistent ESP packet size for
improved Traffic Flow Confidentiality. The padding defines the minimum size of
@@ -1155,6 +1209,44 @@ enables offloading, if it's supported, but the installation does not fail
otherwise.
.TP
+.BR connections.<conn>.children.<child>.copy_df " [yes]"
+Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
+effectively disables Path MTU discovery (PMTUD). Controlling this behavior is
+not supported by all kernel interfaces.
+
+.TP
+.BR connections.<conn>.children.<child>.copy_ecn " [yes]"
+Whether to copy the ECN (Explicit Congestion Notification) header field to/from
+the outer IP header in tunnel mode. Controlling this behavior is not supported
+by all kernel interfaces.
+
+.TP
+.BR connections.<conn>.children.<child>.copy_dscp " [out]"
+Whether to copy the DSCP (Differentiated Services Field Codepoint) header field
+to/from the outer IP header in tunnel mode. The value
+.RI "" "out" ""
+only copies the
+field from the inner to the outer header, the value
+.RI "" "in" ""
+does the opposite and
+only copies the field from the outer to the inner header when decapsulating, the
+value
+.RI "" "yes" ""
+copies the field in both directions, and the value
+.RI "" "no" ""
+disables
+copying the field altogether. Setting this to
+.RI "" "yes" ""
+or
+.RI "" "in" ""
+could allow an
+attacker to adversely affect other traffic at the receiver, which is why the
+default is
+.RI "" "out" "."
+Controlling this behavior is not supported by all kernel
+interfaces.
+
+.TP
.BR connections.<conn>.children.<child>.start_action " [none]"
Action to perform after loading the configuration. The default of
.RI "" "none" ""
@@ -1297,6 +1389,31 @@ prefix, if a secret is shared between multiple
peers.
.TP
+.B secrets.ppk<suffix>
+.br
+Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
+defined in a unique section having the
+.RI "" "ppk" ""
+prefix.
+
+.TP
+.BR secrets.ppk<suffix>.secret " []"
+Value of the PPK. It may either be an ASCII string, a hex encoded string if
+it has a
+.RI "" "0x" ""
+prefix or a Base64 encoded string if it has a
+.RI "" "0s" ""
+prefix in its
+value. Should have at least 256 bits of entropy for 128\-bit security.
+
+.TP
+.BR secrets.ppk<suffix>.id<suffix> " []"
+PPK identity the PPK belongs to. Multiple unique identities may be specified,
+each having an
+.RI "" "id" ""
+prefix, if a secret is shared between multiple peers.
+
+.TP
.B secrets.private<suffix>
.br
Private key decryption passphrase for a key in the
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index 120e5812e..1c1e85e3e 100644
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -188,6 +188,12 @@ connections.<conn>.send_cert = ifasked
certificate payloads altogether, _always_ causes certificate payloads to be
sent unconditionally whenever certificate authentication is used.
+connections.<conn>.ppk_id =
+ String identifying the Postquantum Preshared Key (PPK) to be used.
+
+connections.<conn>.ppk_required = no
+ Whether a Postquantum Preshared Key (PPK) is required for this connection.
+
connections.<conn>.keyingtries = 1
Number of retransmission sequences to perform during initial connect.
@@ -910,6 +916,37 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000
An additional mask may be appended to the mark, separated by _/_. The
default mask if omitted is 0xffffffff.
+connections.<conn>.children.<child>.set_mark_in = 0/0x00000000
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+
+ Netfilter mark applied to packets after the inbound IPsec SA processed them.
+ This way it's not necessary to mark packets via Netfilter before decryption
+ or right afterwards to match policies or process them differently (e.g. via
+ policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_in** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM input requires Linux 4.19 or higher.
+
+connections.<conn>.children.<child>.set_mark_out = 0/0x00000000
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them.
+
+ Netfilter mark applied to packets after the outbound IPsec SA processed
+ them. This allows processing ESP packets differently than the original
+ traffic (e.g. via policy routing).
+
+ An additional mask may be appended to the mark, separated by _/_. The
+ default mask if omitted is 0xffffffff. The special value _%same_ uses
+ the value (but not the mask) from **mark_out** as mark value, which can be
+ fixed, _%unique_ or _%unique-dir_.
+
+ Setting marks in XFRM output is supported since Linux 4.14. Setting a mask
+ requires at least Linux 4.19.
+
connections.<conn>.children.<child>.tfc_padding = 0
Traffic Flow Confidentiality padding.
@@ -937,6 +974,35 @@ connections.<conn>.children.<child>.hw_offload = no
enables offloading, if it's supported, but the installation does not fail
otherwise.
+connections.<conn>.children.<child>.copy_df = yes
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode.
+
+ Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This
+ effectively disables Path MTU discovery (PMTUD). Controlling this behavior
+ is not supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_ecn = yes
+ Whether to copy the ECN header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the ECN (Explicit Congestion Notification) header field
+ to/from the outer IP header in tunnel mode. Controlling this behavior is not
+ supported by all kernel interfaces.
+
+connections.<conn>.children.<child>.copy_dscp = out
+ Whether to copy the DSCP header field to/from the outer IP header in tunnel
+ mode.
+
+ Whether to copy the DSCP (Differentiated Services Field Codepoint) header
+ field to/from the outer IP header in tunnel mode. The value _out_ only
+ copies the field from the inner to the outer header, the value _in_ does the
+ opposite and only copies the field from the outer to the inner header when
+ decapsulating, the value _yes_ copies the field in both directions, and the
+ value _no_ disables copying the field altogether. Setting this to _yes_ or
+ _in_ could allow an attacker to adversely affect other traffic at the
+ receiver, which is why the default is _out_. Controlling this behavior is
+ not supported by all kernel interfaces.
+
connections.<conn>.children.<child>.start_action = none
Action to perform after loading the configuration (_none_, _trap_, _start_).
@@ -1047,6 +1113,26 @@ secrets.ike<suffix>.id<suffix> =
may be specified, each having an _id_ prefix, if a secret is shared between
multiple peers.
+secrets.ppk<suffix> { # }
+ Postquantum Preshared Key (PPK) section for a specific secret.
+
+ Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is
+ defined in a unique section having the _ppk_ prefix.
+
+secrets.ppk<suffix>.secret =
+ Value of the PPK.
+
+ Value of the PPK. It may either be an ASCII string, a hex encoded string if
+ it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in
+ its value. Should have at least 256 bits of entropy for 128-bit security.
+
+secrets.ppk<suffix>.id<suffix> =
+ PPK identity the PPK belongs to.
+
+ PPK identity the PPK belongs to. Multiple unique identities
+ may be specified, each having an _id_ prefix, if a secret is shared between
+ multiple peers.
+
secrets.private<suffix> { # }
Private key decryption passphrase for a key in the _private_ folder.
diff --git a/src/tpm_extendpcr/Makefile.in b/src/tpm_extendpcr/Makefile.in
index 0ce681c69..84867829c 100644
--- a/src/tpm_extendpcr/Makefile.in
+++ b/src/tpm_extendpcr/Makefile.in
@@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -306,6 +305,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -326,8 +327,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -382,8 +381,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -412,8 +409,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/testing/Makefile.in b/testing/Makefile.in
index 1c244c66e..22de00b50 100644
--- a/testing/Makefile.in
+++ b/testing/Makefile.in
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -253,6 +252,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -273,8 +274,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -329,8 +328,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -359,8 +356,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/testing/config/kernel/config-4.18 b/testing/config/kernel/config-4.18
new file mode 100644
index 000000000..2d21a556d
--- /dev/null
+++ b/testing/config/kernel/config-4.18
@@ -0,0 +1,2653 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# Linux/x86 4.18.7 Kernel Configuration
+#
+
+#
+# Compiler: gcc (Ubuntu 5.4.0-6ubuntu1~16.04.10) 5.4.0 20160609
+#
+CONFIG_64BIT=y
+CONFIG_X86_64=y
+CONFIG_X86=y
+CONFIG_INSTRUCTION_DECODER=y
+CONFIG_OUTPUT_FORMAT="elf64-x86-64"
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_MMU=y
+CONFIG_ARCH_MMAP_RND_BITS_MIN=28
+CONFIG_ARCH_MMAP_RND_BITS_MAX=32
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8
+CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_ARCH_HAS_FILTER_PGPROT=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
+CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
+CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
+CONFIG_ZONE_DMA32=y
+CONFIG_AUDIT_ARCH=y
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
+CONFIG_ARCH_SUPPORTS_UPROBES=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_PGTABLE_LEVELS=4
+CONFIG_CC_IS_GCC=y
+CONFIG_GCC_VERSION=50400
+CONFIG_CLANG_VERSION=0
+CONFIG_IRQ_WORK=y
+CONFIG_BUILDTIME_EXTABLE_SORT=y
+CONFIG_THREAD_INFO_IN_TASK=y
+
+#
+# General setup
+#
+CONFIG_BROKEN_ON_SMP=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+# CONFIG_COMPILE_TEST is not set
+CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION_AUTO=y
+CONFIG_HAVE_KERNEL_GZIP=y
+CONFIG_HAVE_KERNEL_BZIP2=y
+CONFIG_HAVE_KERNEL_LZMA=y
+CONFIG_HAVE_KERNEL_XZ=y
+CONFIG_HAVE_KERNEL_LZO=y
+CONFIG_HAVE_KERNEL_LZ4=y
+CONFIG_KERNEL_GZIP=y
+# CONFIG_KERNEL_BZIP2 is not set
+# CONFIG_KERNEL_LZMA is not set
+# CONFIG_KERNEL_XZ is not set
+# CONFIG_KERNEL_LZO is not set
+# CONFIG_KERNEL_LZ4 is not set
+CONFIG_DEFAULT_HOSTNAME="(none)"
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+CONFIG_POSIX_MQUEUE=y
+CONFIG_POSIX_MQUEUE_SYSCTL=y
+CONFIG_CROSS_MEMORY_ATTACH=y
+CONFIG_USELIB=y
+# CONFIG_AUDIT is not set
+CONFIG_HAVE_ARCH_AUDITSYSCALL=y
+
+#
+# IRQ subsystem
+#
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_IRQ_SHOW=y
+CONFIG_IRQ_DOMAIN=y
+CONFIG_IRQ_DOMAIN_HIERARCHY=y
+CONFIG_GENERIC_MSI_IRQ=y
+CONFIG_GENERIC_MSI_IRQ_DOMAIN=y
+CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y
+CONFIG_GENERIC_IRQ_RESERVATION_MODE=y
+CONFIG_IRQ_FORCED_THREADING=y
+CONFIG_SPARSE_IRQ=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_ARCH_CLOCKSOURCE_DATA=y
+CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y
+CONFIG_GENERIC_TIME_VSYSCALL=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+
+#
+# Timers subsystem
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+
+#
+# CPU/Task time and stats accounting
+#
+CONFIG_TICK_CPU_ACCOUNTING=y
+# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
+# CONFIG_IRQ_TIME_ACCOUNTING is not set
+CONFIG_BSD_PROCESS_ACCT=y
+# CONFIG_BSD_PROCESS_ACCT_V3 is not set
+# CONFIG_TASKSTATS is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_TINY_RCU=y
+# CONFIG_RCU_EXPERT is not set
+CONFIG_SRCU=y
+CONFIG_TINY_SRCU=y
+CONFIG_BUILD_BIN2C=y
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y
+CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y
+CONFIG_ARCH_SUPPORTS_INT128=y
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_SWAP=y
+CONFIG_MEMCG_SWAP_ENABLED=y
+CONFIG_BLK_CGROUP=y
+# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_CGROUP_PIDS=y
+# CONFIG_CGROUP_RDMA is not set
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
+CONFIG_SOCK_CGROUP_DATA=y
+CONFIG_NAMESPACES=y
+# CONFIG_UTS_NS is not set
+# CONFIG_IPC_NS is not set
+# CONFIG_USER_NS is not set
+# CONFIG_PID_NS is not set
+# CONFIG_NET_NS is not set
+# CONFIG_SCHED_AUTOGROUP is not set
+# CONFIG_SYSFS_DEPRECATED is not set
+# CONFIG_RELAY is not set
+# CONFIG_BLK_DEV_INITRD is not set
+# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+CONFIG_BPF=y
+# CONFIG_EXPERT is not set
+CONFIG_MULTIUSER=y
+CONFIG_SGETMASK_SYSCALL=y
+CONFIG_SYSFS_SYSCALL=y
+CONFIG_FHANDLE=y
+CONFIG_POSIX_TIMERS=y
+CONFIG_PRINTK=y
+CONFIG_PRINTK_NMI=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_FUTEX_PI=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_ADVISE_SYSCALLS=y
+CONFIG_MEMBARRIER=y
+CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
+CONFIG_KALLSYMS_BASE_RELATIVE=y
+# CONFIG_BPF_SYSCALL is not set
+# CONFIG_USERFAULTFD is not set
+CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y
+CONFIG_RSEQ=y
+# CONFIG_EMBEDDED is not set
+CONFIG_HAVE_PERF_EVENTS=y
+
+#
+# Kernel Performance Events And Counters
+#
+CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_COMPAT_BRK=y
+CONFIG_SLAB=y
+# CONFIG_SLUB is not set
+CONFIG_SLAB_MERGE_DEFAULT=y
+# CONFIG_SLAB_FREELIST_RANDOM is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_OPROFILE_NMI_TIMER=y
+# CONFIG_JUMP_LABEL is not set
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_OPTPROBES=y
+CONFIG_HAVE_KPROBES_ON_FTRACE=y
+CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y
+CONFIG_HAVE_NMI=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_DMA_CONTIGUOUS=y
+CONFIG_GENERIC_SMP_IDLE_THREAD=y
+CONFIG_ARCH_HAS_FORTIFY_SOURCE=y
+CONFIG_ARCH_HAS_SET_MEMORY=y
+CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y
+CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y
+CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y
+CONFIG_HAVE_RSEQ=y
+CONFIG_HAVE_CLK=y
+CONFIG_HAVE_HW_BREAKPOINT=y
+CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y
+CONFIG_HAVE_USER_RETURN_NOTIFIER=y
+CONFIG_HAVE_PERF_EVENTS_NMI=y
+CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y
+CONFIG_HAVE_PERF_REGS=y
+CONFIG_HAVE_PERF_USER_STACK_DUMP=y
+CONFIG_HAVE_ARCH_JUMP_LABEL=y
+CONFIG_HAVE_RCU_TABLE_FREE=y
+CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
+CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
+CONFIG_HAVE_CMPXCHG_LOCAL=y
+CONFIG_HAVE_CMPXCHG_DOUBLE=y
+CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
+CONFIG_SECCOMP_FILTER=y
+CONFIG_PLUGIN_HOSTCC=""
+CONFIG_HAVE_GCC_PLUGINS=y
+CONFIG_HAVE_STACKPROTECTOR=y
+CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
+CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
+CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
+CONFIG_HAVE_CONTEXT_TRACKING=y
+CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
+CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y
+CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y
+CONFIG_HAVE_ARCH_HUGE_VMAP=y
+CONFIG_HAVE_ARCH_SOFT_DIRTY=y
+CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
+CONFIG_MODULES_USE_ELF_RELA=y
+CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y
+CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
+CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
+CONFIG_HAVE_EXIT_THREAD=y
+CONFIG_ARCH_MMAP_RND_BITS=28
+CONFIG_HAVE_COPY_THREAD_TLS=y
+CONFIG_HAVE_STACK_VALIDATION=y
+CONFIG_HAVE_ARCH_VMAP_STACK=y
+CONFIG_VMAP_STACK=y
+CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
+CONFIG_STRICT_KERNEL_RWX=y
+CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
+CONFIG_ARCH_HAS_REFCOUNT=y
+# CONFIG_REFCOUNT_FULL is not set
+
+#
+# GCOV-based kernel profiling
+#
+CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+# CONFIG_MODULES is not set
+CONFIG_MODULES_TREE_LOOKUP=y
+CONFIG_BLOCK=y
+# CONFIG_BLK_DEV_BSG is not set
+# CONFIG_BLK_DEV_BSGLIB is not set
+# CONFIG_BLK_DEV_INTEGRITY is not set
+# CONFIG_BLK_DEV_ZONED is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
+# CONFIG_BLK_CMDLINE_PARSER is not set
+# CONFIG_BLK_WBT is not set
+# CONFIG_BLK_SED_OPAL is not set
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_EFI_PARTITION=y
+CONFIG_BLK_MQ_PCI=y
+CONFIG_BLK_MQ_VIRTIO=y
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_DEADLINE=y
+CONFIG_IOSCHED_CFQ=y
+# CONFIG_CFQ_GROUP_IOSCHED is not set
+# CONFIG_DEFAULT_DEADLINE is not set
+CONFIG_DEFAULT_CFQ=y
+# CONFIG_DEFAULT_NOOP is not set
+CONFIG_DEFAULT_IOSCHED="cfq"
+CONFIG_MQ_IOSCHED_DEADLINE=y
+CONFIG_MQ_IOSCHED_KYBER=y
+# CONFIG_IOSCHED_BFQ is not set
+CONFIG_ASN1=y
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
+CONFIG_INLINE_READ_UNLOCK=y
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
+CONFIG_INLINE_WRITE_UNLOCK=y
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
+CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
+CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y
+CONFIG_ARCH_USE_QUEUED_RWLOCKS=y
+CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y
+CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y
+CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_ZONE_DMA=y
+# CONFIG_SMP is not set
+CONFIG_X86_FEATURE_NAMES=y
+CONFIG_X86_MPPARSE=y
+# CONFIG_GOLDFISH is not set
+CONFIG_RETPOLINE=y
+# CONFIG_INTEL_RDT is not set
+CONFIG_X86_EXTENDED_PLATFORM=y
+# CONFIG_X86_GOLDFISH is not set
+# CONFIG_X86_INTEL_MID is not set
+# CONFIG_X86_INTEL_LPSS is not set
+# CONFIG_X86_AMD_PLATFORM_DEVICE is not set
+CONFIG_IOSF_MBI=y
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+# CONFIG_HYPERVISOR_GUEST is not set
+CONFIG_NO_BOOTMEM=y
+# CONFIG_MK8 is not set
+# CONFIG_MPSC is not set
+CONFIG_MCORE2=y
+# CONFIG_MATOM is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_INTERNODE_CACHE_SHIFT=6
+CONFIG_X86_L1_CACHE_SHIFT=6
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_USE_PPRO_CHECKSUM=y
+CONFIG_X86_P6_NOP=y
+CONFIG_X86_TSC=y
+CONFIG_X86_CMPXCHG64=y
+CONFIG_X86_CMOV=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=64
+CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR=y
+CONFIG_HPET_TIMER=y
+CONFIG_DMI=y
+CONFIG_GART_IOMMU=y
+# CONFIG_CALGARY_IOMMU is not set
+CONFIG_NR_CPUS_RANGE_BEGIN=1
+CONFIG_NR_CPUS_RANGE_END=1
+CONFIG_NR_CPUS_DEFAULT=1
+CONFIG_NR_CPUS=1
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_UP_LATE_INIT=y
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+
+#
+# Performance monitoring
+#
+CONFIG_PERF_EVENTS_INTEL_UNCORE=y
+CONFIG_PERF_EVENTS_INTEL_RAPL=y
+CONFIG_PERF_EVENTS_INTEL_CSTATE=y
+# CONFIG_PERF_EVENTS_AMD_POWER is not set
+CONFIG_X86_16BIT=y
+CONFIG_X86_ESPFIX64=y
+CONFIG_X86_VSYSCALL_EMULATION=y
+# CONFIG_I8K is not set
+CONFIG_MICROCODE=y
+CONFIG_MICROCODE_INTEL=y
+# CONFIG_MICROCODE_AMD is not set
+CONFIG_MICROCODE_OLD_INTERFACE=y
+# CONFIG_X86_MSR is not set
+# CONFIG_X86_CPUID is not set
+# CONFIG_X86_5LEVEL is not set
+CONFIG_X86_DIRECT_GBPAGES=y
+CONFIG_ARCH_HAS_MEM_ENCRYPT=y
+# CONFIG_AMD_MEM_ENCRYPT is not set
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_DEFAULT=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_ARCH_MEMORY_PROBE=y
+CONFIG_ARCH_PROC_KCORE_TEXT=y
+CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_SPARSEMEM_MANUAL=y
+CONFIG_SPARSEMEM=y
+CONFIG_HAVE_MEMORY_PRESENT=y
+CONFIG_SPARSEMEM_EXTREME=y
+CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
+CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y
+CONFIG_SPARSEMEM_VMEMMAP=y
+CONFIG_HAVE_MEMBLOCK=y
+CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
+CONFIG_HAVE_GENERIC_GUP=y
+CONFIG_ARCH_DISCARD_MEMBLOCK=y
+CONFIG_MEMORY_ISOLATION=y
+CONFIG_HAVE_BOOTMEM_INFO_NODE=y
+CONFIG_MEMORY_HOTPLUG=y
+CONFIG_MEMORY_HOTPLUG_SPARSE=y
+# CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE is not set
+CONFIG_MEMORY_HOTREMOVE=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y
+CONFIG_MEMORY_BALLOON=y
+# CONFIG_COMPACTION is not set
+CONFIG_MIGRATION=y
+CONFIG_PHYS_ADDR_T_64BIT=y
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+# CONFIG_KSM is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
+# CONFIG_TRANSPARENT_HUGEPAGE is not set
+CONFIG_ARCH_WANTS_THP_SWAP=y
+CONFIG_NEED_PER_CPU_KM=y
+# CONFIG_CLEANCACHE is not set
+# CONFIG_FRONTSWAP is not set
+# CONFIG_CMA is not set
+# CONFIG_ZPOOL is not set
+# CONFIG_ZBUD is not set
+# CONFIG_ZSMALLOC is not set
+CONFIG_GENERIC_EARLY_IOREMAP=y
+# CONFIG_IDLE_PAGE_TRACKING is not set
+CONFIG_ARCH_HAS_ZONE_DEVICE=y
+# CONFIG_ZONE_DEVICE is not set
+CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y
+CONFIG_ARCH_HAS_PKEYS=y
+# CONFIG_PERCPU_STATS is not set
+# CONFIG_GUP_BENCHMARK is not set
+CONFIG_ARCH_HAS_PTE_SPECIAL=y
+# CONFIG_X86_PMEM_LEGACY is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW=64
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+CONFIG_X86_PAT=y
+CONFIG_ARCH_USES_PG_UNCACHED=y
+CONFIG_ARCH_RANDOM=y
+CONFIG_X86_SMAP=y
+CONFIG_X86_INTEL_UMIP=y
+# CONFIG_X86_INTEL_MPX is not set
+CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y
+# CONFIG_EFI is not set
+CONFIG_SECCOMP=y
+# CONFIG_HZ_100 is not set
+CONFIG_HZ_250=y
+# CONFIG_HZ_300 is not set
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=250
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_KEXEC_FILE is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x1000000
+CONFIG_RELOCATABLE=y
+# CONFIG_RANDOMIZE_BASE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+CONFIG_LEGACY_VSYSCALL_EMULATE=y
+# CONFIG_LEGACY_VSYSCALL_NONE is not set
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_MODIFY_LDT_SYSCALL=y
+CONFIG_HAVE_LIVEPATCH=y
+CONFIG_ARCH_HAS_ADD_PAGES=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_PM_SLEEP=y
+# CONFIG_PM_AUTOSLEEP is not set
+# CONFIG_PM_WAKELOCKS is not set
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+CONFIG_PM_CLK=y
+# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y
+CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y
+CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y
+# CONFIG_ACPI_DEBUGGER is not set
+CONFIG_ACPI_SPCR_TABLE=y
+CONFIG_ACPI_LPIT=y
+CONFIG_ACPI_SLEEP=y
+# CONFIG_ACPI_PROCFS_POWER is not set
+CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y
+# CONFIG_ACPI_EC_DEBUGFS is not set
+CONFIG_ACPI_AC=y
+CONFIG_ACPI_BATTERY=y
+CONFIG_ACPI_BUTTON=y
+CONFIG_ACPI_FAN=y
+# CONFIG_ACPI_TAD is not set
+# CONFIG_ACPI_DOCK is not set
+CONFIG_ACPI_CPU_FREQ_PSS=y
+CONFIG_ACPI_PROCESSOR_CSTATE=y
+CONFIG_ACPI_PROCESSOR_IDLE=y
+CONFIG_ACPI_PROCESSOR=y
+# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set
+CONFIG_ACPI_THERMAL=y
+CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y
+# CONFIG_ACPI_DEBUG is not set
+# CONFIG_ACPI_PCI_SLOT is not set
+# CONFIG_ACPI_CONTAINER is not set
+# CONFIG_ACPI_HOTPLUG_MEMORY is not set
+CONFIG_ACPI_HOTPLUG_IOAPIC=y
+# CONFIG_ACPI_SBS is not set
+# CONFIG_ACPI_HED is not set
+# CONFIG_ACPI_NFIT is not set
+CONFIG_HAVE_ACPI_APEI=y
+CONFIG_HAVE_ACPI_APEI_NMI=y
+# CONFIG_ACPI_APEI is not set
+# CONFIG_DPTF_POWER is not set
+# CONFIG_PMIC_OPREGION is not set
+# CONFIG_ACPI_CONFIGFS is not set
+CONFIG_X86_PM_TIMER=y
+# CONFIG_SFI is not set
+
+#
+# CPU Frequency scaling
+#
+# CONFIG_CPU_FREQ is not set
+
+#
+# CPU Idle
+#
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+# CONFIG_INTEL_IDLE is not set
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+CONFIG_PCI_DIRECT=y
+# CONFIG_PCI_MMCONFIG is not set
+CONFIG_PCI_DOMAINS=y
+# CONFIG_PCIEPORTBUS is not set
+CONFIG_PCI_MSI=y
+CONFIG_PCI_MSI_IRQ_DOMAIN=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_PCI_DEBUG is not set
+# CONFIG_PCI_STUB is not set
+CONFIG_PCI_LOCKLESS_CONFIG=y
+# CONFIG_PCI_IOV is not set
+# CONFIG_PCI_PRI is not set
+# CONFIG_PCI_PASID is not set
+CONFIG_PCI_LABEL=y
+# CONFIG_HOTPLUG_PCI is not set
+
+#
+# PCI controller drivers
+#
+
+#
+# Cadence PCIe controllers support
+#
+# CONFIG_VMD is not set
+
+#
+# DesignWare PCI Core Support
+#
+# CONFIG_PCIE_DW_PLAT_HOST is not set
+
+#
+# PCI Endpoint
+#
+# CONFIG_PCI_ENDPOINT is not set
+
+#
+# PCI switch controller drivers
+#
+# CONFIG_PCI_SW_SWITCHTEC is not set
+CONFIG_ISA_DMA_API=y
+CONFIG_AMD_NB=y
+# CONFIG_PCCARD is not set
+# CONFIG_RAPIDIO is not set
+# CONFIG_X86_SYSFB is not set
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+CONFIG_ELFCORE=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
+# CONFIG_BINFMT_MISC is not set
+CONFIG_COREDUMP=y
+# CONFIG_IA32_EMULATION is not set
+# CONFIG_X86_X32 is not set
+CONFIG_X86_DEV_DMA_OPS=y
+CONFIG_NET=y
+CONFIG_NET_INGRESS=y
+
+#
+# Networking options
+#
+CONFIG_PACKET=y
+# CONFIG_PACKET_DIAG is not set
+CONFIG_UNIX=y
+# CONFIG_UNIX_DIAG is not set
+CONFIG_TLS=y
+# CONFIG_TLS_DEVICE is not set
+CONFIG_XFRM=y
+CONFIG_XFRM_ALGO=y
+CONFIG_XFRM_USER=y
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+CONFIG_XFRM_STATISTICS=y
+CONFIG_XFRM_IPCOMP=y
+CONFIG_NET_KEY=y
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+# CONFIG_IP_MULTICAST is not set
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+CONFIG_IP_MULTIPLE_TABLES=y
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+# CONFIG_IP_PNP is not set
+# CONFIG_NET_IPIP is not set
+CONFIG_NET_IPGRE_DEMUX=y
+CONFIG_NET_IP_TUNNEL=y
+CONFIG_NET_IPGRE=y
+# CONFIG_SYN_COOKIES is not set
+CONFIG_NET_IPVTI=y
+CONFIG_NET_UDP_TUNNEL=y
+# CONFIG_NET_FOU is not set
+# CONFIG_NET_FOU_IP_TUNNELS is not set
+CONFIG_INET_AH=y
+CONFIG_INET_ESP=y
+# CONFIG_INET_ESP_OFFLOAD is not set
+CONFIG_INET_IPCOMP=y
+CONFIG_INET_XFRM_TUNNEL=y
+CONFIG_INET_TUNNEL=y
+CONFIG_INET_XFRM_MODE_TRANSPORT=y
+CONFIG_INET_XFRM_MODE_TUNNEL=y
+CONFIG_INET_XFRM_MODE_BEET=y
+CONFIG_INET_DIAG=y
+CONFIG_INET_TCP_DIAG=y
+# CONFIG_INET_UDP_DIAG is not set
+# CONFIG_INET_RAW_DIAG is not set
+# CONFIG_INET_DIAG_DESTROY is not set
+# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_DEFAULT_TCP_CONG="cubic"
+# CONFIG_TCP_MD5SIG is not set
+CONFIG_IPV6=y
+# CONFIG_IPV6_ROUTER_PREF is not set
+CONFIG_IPV6_OPTIMISTIC_DAD=y
+CONFIG_INET6_AH=y
+CONFIG_INET6_ESP=y
+# CONFIG_INET6_ESP_OFFLOAD is not set
+CONFIG_INET6_IPCOMP=y
+CONFIG_IPV6_MIP6=y
+# CONFIG_IPV6_ILA is not set
+CONFIG_INET6_XFRM_TUNNEL=y
+CONFIG_INET6_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_TRANSPORT=y
+CONFIG_INET6_XFRM_MODE_TUNNEL=y
+CONFIG_INET6_XFRM_MODE_BEET=y
+# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
+CONFIG_IPV6_VTI=y
+# CONFIG_IPV6_SIT is not set
+CONFIG_IPV6_TUNNEL=y
+CONFIG_IPV6_GRE=y
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_IPV6_SEG6_LWTUNNEL is not set
+# CONFIG_IPV6_SEG6_HMAC is not set
+# CONFIG_NETWORK_SECMARK is not set
+# CONFIG_NETWORK_PHY_TIMESTAMPING is not set
+CONFIG_NETFILTER=y
+CONFIG_NETFILTER_ADVANCED=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_INGRESS=y
+CONFIG_NETFILTER_NETLINK=y
+CONFIG_NETFILTER_FAMILY_ARP=y
+# CONFIG_NETFILTER_NETLINK_ACCT is not set
+CONFIG_NETFILTER_NETLINK_QUEUE=y
+CONFIG_NETFILTER_NETLINK_LOG=y
+CONFIG_NF_CONNTRACK=y
+CONFIG_NF_LOG_COMMON=y
+# CONFIG_NF_LOG_NETDEV is not set
+CONFIG_NETFILTER_CONNCOUNT=y
+CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_ZONES is not set
+CONFIG_NF_CONNTRACK_PROCFS=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+# CONFIG_NF_CONNTRACK_TIMEOUT is not set
+# CONFIG_NF_CONNTRACK_TIMESTAMP is not set
+# CONFIG_NF_CT_PROTO_DCCP is not set
+# CONFIG_NF_CT_PROTO_SCTP is not set
+CONFIG_NF_CT_PROTO_UDPLITE=y
+# CONFIG_NF_CONNTRACK_AMANDA is not set
+# CONFIG_NF_CONNTRACK_FTP is not set
+# CONFIG_NF_CONNTRACK_H323 is not set
+# CONFIG_NF_CONNTRACK_IRC is not set
+# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+# CONFIG_NF_CONNTRACK_SNMP is not set
+# CONFIG_NF_CONNTRACK_PPTP is not set
+CONFIG_NF_CONNTRACK_SANE=y
+# CONFIG_NF_CONNTRACK_SIP is not set
+# CONFIG_NF_CONNTRACK_TFTP is not set
+CONFIG_NF_CT_NETLINK=y
+# CONFIG_NF_CT_NETLINK_TIMEOUT is not set
+# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
+CONFIG_NF_NAT=y
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_NF_NAT_PROTO_UDPLITE=y
+CONFIG_NF_NAT_REDIRECT=y
+# CONFIG_NF_TABLES is not set
+CONFIG_NETFILTER_XTABLES=y
+
+#
+# Xtables combined modules
+#
+CONFIG_NETFILTER_XT_MARK=y
+CONFIG_NETFILTER_XT_CONNMARK=y
+CONFIG_NETFILTER_XT_SET=y
+
+#
+# Xtables targets
+#
+# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
+CONFIG_NETFILTER_XT_TARGET_CT=y
+CONFIG_NETFILTER_XT_TARGET_DSCP=y
+CONFIG_NETFILTER_XT_TARGET_HL=y
+# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
+# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
+CONFIG_NETFILTER_XT_TARGET_LOG=y
+CONFIG_NETFILTER_XT_TARGET_MARK=y
+CONFIG_NETFILTER_XT_NAT=y
+CONFIG_NETFILTER_XT_TARGET_NETMAP=y
+CONFIG_NETFILTER_XT_TARGET_NFLOG=y
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
+# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
+# CONFIG_NETFILTER_XT_TARGET_TEE is not set
+# CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
+CONFIG_NETFILTER_XT_TARGET_TRACE=y
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
+# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
+
+#
+# Xtables matches
+#
+CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
+# CONFIG_NETFILTER_XT_MATCH_BPF is not set
+# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set
+CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
+CONFIG_NETFILTER_XT_MATCH_COMMENT=y
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
+# CONFIG_NETFILTER_XT_MATCH_CONNLABEL is not set
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
+# CONFIG_NETFILTER_XT_MATCH_CPU is not set
+CONFIG_NETFILTER_XT_MATCH_DCCP=y
+CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
+CONFIG_NETFILTER_XT_MATCH_DSCP=y
+CONFIG_NETFILTER_XT_MATCH_ECN=y
+CONFIG_NETFILTER_XT_MATCH_ESP=y
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
+CONFIG_NETFILTER_XT_MATCH_HELPER=y
+CONFIG_NETFILTER_XT_MATCH_HL=y
+# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set
+# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
+CONFIG_NETFILTER_XT_MATCH_L2TP=y
+CONFIG_NETFILTER_XT_MATCH_LENGTH=y
+CONFIG_NETFILTER_XT_MATCH_LIMIT=y
+CONFIG_NETFILTER_XT_MATCH_MAC=y
+CONFIG_NETFILTER_XT_MATCH_MARK=y
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
+# CONFIG_NETFILTER_XT_MATCH_NFACCT is not set
+# CONFIG_NETFILTER_XT_MATCH_OSF is not set
+# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
+CONFIG_NETFILTER_XT_MATCH_POLICY=y
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
+CONFIG_NETFILTER_XT_MATCH_QUOTA=y
+# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
+CONFIG_NETFILTER_XT_MATCH_REALM=y
+# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=y
+CONFIG_NETFILTER_XT_MATCH_STATE=y
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
+CONFIG_NETFILTER_XT_MATCH_STRING=y
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
+# CONFIG_NETFILTER_XT_MATCH_TIME is not set
+CONFIG_NETFILTER_XT_MATCH_U32=y
+CONFIG_IP_SET=y
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=y
+CONFIG_IP_SET_BITMAP_IPMAC=y
+CONFIG_IP_SET_BITMAP_PORT=y
+CONFIG_IP_SET_HASH_IP=y
+# CONFIG_IP_SET_HASH_IPMARK is not set
+CONFIG_IP_SET_HASH_IPPORT=y
+CONFIG_IP_SET_HASH_IPPORTIP=y
+CONFIG_IP_SET_HASH_IPPORTNET=y
+# CONFIG_IP_SET_HASH_IPMAC is not set
+# CONFIG_IP_SET_HASH_MAC is not set
+# CONFIG_IP_SET_HASH_NETPORTNET is not set
+CONFIG_IP_SET_HASH_NET=y
+# CONFIG_IP_SET_HASH_NETNET is not set
+CONFIG_IP_SET_HASH_NETPORT=y
+# CONFIG_IP_SET_HASH_NETIFACE is not set
+CONFIG_IP_SET_LIST_SET=y
+# CONFIG_IP_VS is not set
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=y
+CONFIG_NF_CONNTRACK_IPV4=y
+# CONFIG_NF_SOCKET_IPV4 is not set
+# CONFIG_NF_TPROXY_IPV4 is not set
+# CONFIG_NF_DUP_IPV4 is not set
+# CONFIG_NF_LOG_ARP is not set
+CONFIG_NF_LOG_IPV4=y
+CONFIG_NF_REJECT_IPV4=y
+CONFIG_NF_NAT_IPV4=y
+CONFIG_NF_NAT_MASQUERADE_IPV4=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_MATCH_AH=y
+CONFIG_IP_NF_MATCH_ECN=y
+# CONFIG_IP_NF_MATCH_RPFILTER is not set
+CONFIG_IP_NF_MATCH_TTL=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_TARGET_REJECT=y
+# CONFIG_IP_NF_TARGET_SYNPROXY is not set
+CONFIG_IP_NF_NAT=y
+CONFIG_IP_NF_TARGET_MASQUERADE=y
+CONFIG_IP_NF_TARGET_NETMAP=y
+CONFIG_IP_NF_TARGET_REDIRECT=y
+CONFIG_IP_NF_MANGLE=y
+CONFIG_IP_NF_TARGET_CLUSTERIP=y
+CONFIG_IP_NF_TARGET_ECN=y
+CONFIG_IP_NF_TARGET_TTL=y
+CONFIG_IP_NF_RAW=y
+CONFIG_IP_NF_ARPTABLES=y
+CONFIG_IP_NF_ARPFILTER=y
+CONFIG_IP_NF_ARP_MANGLE=y
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV6=y
+CONFIG_NF_CONNTRACK_IPV6=y
+# CONFIG_NF_SOCKET_IPV6 is not set
+# CONFIG_NF_TPROXY_IPV6 is not set
+# CONFIG_NF_DUP_IPV6 is not set
+CONFIG_NF_REJECT_IPV6=y
+CONFIG_NF_LOG_IPV6=y
+CONFIG_NF_NAT_IPV6=y
+CONFIG_NF_NAT_MASQUERADE_IPV6=y
+CONFIG_IP6_NF_IPTABLES=y
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+# CONFIG_IP6_NF_MATCH_RPFILTER is not set
+CONFIG_IP6_NF_MATCH_RT=y
+# CONFIG_IP6_NF_MATCH_SRH is not set
+CONFIG_IP6_NF_TARGET_HL=y
+CONFIG_IP6_NF_FILTER=y
+CONFIG_IP6_NF_TARGET_REJECT=y
+# CONFIG_IP6_NF_TARGET_SYNPROXY is not set
+CONFIG_IP6_NF_MANGLE=y
+CONFIG_IP6_NF_RAW=y
+CONFIG_IP6_NF_NAT=y
+CONFIG_IP6_NF_TARGET_MASQUERADE=y
+CONFIG_IP6_NF_TARGET_NPT=y
+# CONFIG_BPFILTER is not set
+# CONFIG_IP_DCCP is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_RDS is not set
+# CONFIG_TIPC is not set
+# CONFIG_ATM is not set
+CONFIG_L2TP=y
+# CONFIG_L2TP_V3 is not set
+# CONFIG_BRIDGE is not set
+CONFIG_HAVE_NET_DSA=y
+# CONFIG_NET_DSA is not set
+# CONFIG_VLAN_8021Q is not set
+# CONFIG_DECNET is not set
+# CONFIG_LLC2 is not set
+# CONFIG_ATALK is not set
+# CONFIG_X25 is not set
+# CONFIG_LAPB is not set
+# CONFIG_PHONET is not set
+# CONFIG_6LOWPAN is not set
+# CONFIG_IEEE802154 is not set
+# CONFIG_NET_SCHED is not set
+# CONFIG_DCB is not set
+CONFIG_DNS_RESOLVER=y
+# CONFIG_BATMAN_ADV is not set
+# CONFIG_OPENVSWITCH is not set
+# CONFIG_VSOCKETS is not set
+# CONFIG_NETLINK_DIAG is not set
+# CONFIG_MPLS is not set
+# CONFIG_NET_NSH is not set
+# CONFIG_HSR is not set
+# CONFIG_NET_SWITCHDEV is not set
+# CONFIG_NET_L3_MASTER_DEV is not set
+# CONFIG_NET_NCSI is not set
+CONFIG_CGROUP_NET_PRIO=y
+CONFIG_CGROUP_NET_CLASSID=y
+CONFIG_NET_RX_BUSY_POLL=y
+CONFIG_BQL=y
+
+#
+# Network testing
+#
+# CONFIG_NET_PKTGEN is not set
+# CONFIG_HAMRADIO is not set
+# CONFIG_CAN is not set
+# CONFIG_BT is not set
+# CONFIG_AF_RXRPC is not set
+# CONFIG_AF_KCM is not set
+CONFIG_STREAM_PARSER=y
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+# CONFIG_CFG80211 is not set
+
+#
+# CFG80211 needs to be enabled for MAC80211
+#
+CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
+# CONFIG_WIMAX is not set
+# CONFIG_RFKILL is not set
+CONFIG_NET_9P=y
+CONFIG_NET_9P_VIRTIO=y
+# CONFIG_NET_9P_DEBUG is not set
+# CONFIG_CAIF is not set
+# CONFIG_CEPH_LIB is not set
+# CONFIG_NFC is not set
+# CONFIG_PSAMPLE is not set
+# CONFIG_NET_IFE is not set
+# CONFIG_LWTUNNEL is not set
+CONFIG_DST_CACHE=y
+CONFIG_GRO_CELLS=y
+# CONFIG_NET_DEVLINK is not set
+CONFIG_MAY_USE_DEVLINK=y
+CONFIG_FAILOVER=y
+CONFIG_HAVE_EBPF_JIT=y
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER=y
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+CONFIG_STANDALONE=y
+CONFIG_PREVENT_FIRMWARE_BUILD=y
+
+#
+# Firmware loader
+#
+CONFIG_FW_LOADER=y
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_FW_LOADER_USER_HELPER is not set
+CONFIG_ALLOW_DEV_COREDUMP=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
+CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
+
+#
+# Bus devices
+#
+# CONFIG_CONNECTOR is not set
+# CONFIG_MTD is not set
+# CONFIG_OF is not set
+CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
+# CONFIG_PARPORT is not set
+CONFIG_PNP=y
+CONFIG_PNP_DEBUG_MESSAGES=y
+
+#
+# Protocols
+#
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+# CONFIG_BLK_DEV_NULL_BLK is not set
+# CONFIG_BLK_DEV_FD is not set
+# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set
+# CONFIG_BLK_DEV_DAC960 is not set
+# CONFIG_BLK_DEV_UMEM is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
+# CONFIG_BLK_DEV_CRYPTOLOOP is not set
+# CONFIG_BLK_DEV_DRBD is not set
+CONFIG_BLK_DEV_NBD=y
+# CONFIG_BLK_DEV_SKD is not set
+# CONFIG_BLK_DEV_SX8 is not set
+# CONFIG_BLK_DEV_RAM is not set
+# CONFIG_CDROM_PKTCDVD is not set
+# CONFIG_ATA_OVER_ETH is not set
+CONFIG_VIRTIO_BLK=y
+# CONFIG_VIRTIO_BLK_SCSI is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BLK_DEV_RSXX is not set
+
+#
+# NVME Support
+#
+# CONFIG_BLK_DEV_NVME is not set
+# CONFIG_NVME_FC is not set
+
+#
+# Misc devices
+#
+# CONFIG_DUMMY_IRQ is not set
+# CONFIG_IBM_ASM is not set
+# CONFIG_PHANTOM is not set
+# CONFIG_SGI_IOC4 is not set
+# CONFIG_TIFM_CORE is not set
+# CONFIG_ENCLOSURE_SERVICES is not set
+# CONFIG_HP_ILO is not set
+# CONFIG_SRAM is not set
+# CONFIG_PCI_ENDPOINT_TEST is not set
+# CONFIG_C2PORT is not set
+
+#
+# EEPROM support
+#
+# CONFIG_EEPROM_93CX6 is not set
+# CONFIG_CB710_CORE is not set
+
+#
+# Texas Instruments shared transport line discipline
+#
+
+#
+# Altera FPGA firmware download module (requires I2C)
+#
+# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
+# CONFIG_INTEL_MEI_TXE is not set
+# CONFIG_VMWARE_VMCI is not set
+
+#
+# Intel MIC & related support
+#
+
+#
+# Intel MIC Bus Driver
+#
+# CONFIG_INTEL_MIC_BUS is not set
+
+#
+# SCIF Bus Driver
+#
+# CONFIG_SCIF_BUS is not set
+
+#
+# VOP Bus Driver
+#
+# CONFIG_VOP_BUS is not set
+
+#
+# Intel MIC Host Driver
+#
+
+#
+# Intel MIC Card Driver
+#
+
+#
+# SCIF Driver
+#
+
+#
+# Intel MIC Coprocessor State Management (COSM) Drivers
+#
+
+#
+# VOP Driver
+#
+# CONFIG_GENWQE is not set
+# CONFIG_ECHO is not set
+# CONFIG_MISC_RTSX_PCI is not set
+CONFIG_HAVE_IDE=y
+# CONFIG_IDE is not set
+
+#
+# SCSI device support
+#
+CONFIG_SCSI_MOD=y
+# CONFIG_RAID_ATTRS is not set
+# CONFIG_SCSI is not set
+# CONFIG_ATA is not set
+# CONFIG_MD is not set
+# CONFIG_FUSION is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+# CONFIG_FIREWIRE is not set
+# CONFIG_FIREWIRE_NOSY is not set
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_NET_CORE=y
+# CONFIG_BONDING is not set
+CONFIG_DUMMY=y
+# CONFIG_EQUALIZER is not set
+# CONFIG_NET_TEAM is not set
+# CONFIG_MACVLAN is not set
+# CONFIG_IPVLAN is not set
+# CONFIG_VXLAN is not set
+# CONFIG_GENEVE is not set
+# CONFIG_GTP is not set
+CONFIG_MACSEC=y
+# CONFIG_NETCONSOLE is not set
+CONFIG_TUN=y
+# CONFIG_TUN_VNET_CROSS_LE is not set
+# CONFIG_VETH is not set
+CONFIG_VIRTIO_NET=y
+# CONFIG_NLMON is not set
+# CONFIG_ARCNET is not set
+
+#
+# CAIF transport drivers
+#
+
+#
+# Distributed Switch Architecture drivers
+#
+CONFIG_ETHERNET=y
+CONFIG_NET_VENDOR_3COM=y
+# CONFIG_VORTEX is not set
+# CONFIG_TYPHOON is not set
+CONFIG_NET_VENDOR_ADAPTEC=y
+# CONFIG_ADAPTEC_STARFIRE is not set
+CONFIG_NET_VENDOR_AGERE=y
+# CONFIG_ET131X is not set
+CONFIG_NET_VENDOR_ALACRITECH=y
+# CONFIG_SLICOSS is not set
+CONFIG_NET_VENDOR_ALTEON=y
+# CONFIG_ACENIC is not set
+# CONFIG_ALTERA_TSE is not set
+CONFIG_NET_VENDOR_AMAZON=y
+# CONFIG_ENA_ETHERNET is not set
+CONFIG_NET_VENDOR_AMD=y
+# CONFIG_AMD8111_ETH is not set
+# CONFIG_PCNET32 is not set
+# CONFIG_AMD_XGBE is not set
+CONFIG_NET_VENDOR_AQUANTIA=y
+# CONFIG_AQTION is not set
+# CONFIG_NET_VENDOR_ARC is not set
+CONFIG_NET_VENDOR_ATHEROS=y
+# CONFIG_ATL2 is not set
+# CONFIG_ATL1 is not set
+# CONFIG_ATL1E is not set
+# CONFIG_ATL1C is not set
+# CONFIG_ALX is not set
+# CONFIG_NET_VENDOR_AURORA is not set
+CONFIG_NET_VENDOR_BROADCOM=y
+# CONFIG_B44 is not set
+# CONFIG_BNX2 is not set
+# CONFIG_CNIC is not set
+# CONFIG_TIGON3 is not set
+# CONFIG_BNX2X is not set
+# CONFIG_BNXT is not set
+CONFIG_NET_VENDOR_BROCADE=y
+# CONFIG_BNA is not set
+CONFIG_NET_CADENCE=y
+# CONFIG_MACB is not set
+CONFIG_NET_VENDOR_CAVIUM=y
+# CONFIG_THUNDER_NIC_PF is not set
+# CONFIG_THUNDER_NIC_VF is not set
+# CONFIG_THUNDER_NIC_BGX is not set
+# CONFIG_THUNDER_NIC_RGX is not set
+CONFIG_CAVIUM_PTP=y
+# CONFIG_LIQUIDIO is not set
+# CONFIG_LIQUIDIO_VF is not set
+CONFIG_NET_VENDOR_CHELSIO=y
+# CONFIG_CHELSIO_T1 is not set
+# CONFIG_CHELSIO_T3 is not set
+# CONFIG_CHELSIO_T4 is not set
+# CONFIG_CHELSIO_T4VF is not set
+CONFIG_NET_VENDOR_CISCO=y
+# CONFIG_ENIC is not set
+CONFIG_NET_VENDOR_CORTINA=y
+# CONFIG_CX_ECAT is not set
+# CONFIG_DNET is not set
+CONFIG_NET_VENDOR_DEC=y
+# CONFIG_NET_TULIP is not set
+CONFIG_NET_VENDOR_DLINK=y
+# CONFIG_DL2K is not set
+# CONFIG_SUNDANCE is not set
+CONFIG_NET_VENDOR_EMULEX=y
+# CONFIG_BE2NET is not set
+CONFIG_NET_VENDOR_EZCHIP=y
+CONFIG_NET_VENDOR_HP=y
+# CONFIG_HP100 is not set
+CONFIG_NET_VENDOR_HUAWEI=y
+# CONFIG_HINIC is not set
+CONFIG_NET_VENDOR_I825XX=y
+CONFIG_NET_VENDOR_INTEL=y
+# CONFIG_E100 is not set
+# CONFIG_E1000 is not set
+# CONFIG_E1000E is not set
+# CONFIG_IGB is not set
+# CONFIG_IGBVF is not set
+# CONFIG_IXGB is not set
+# CONFIG_IXGBE is not set
+# CONFIG_IXGBEVF is not set
+# CONFIG_I40E is not set
+# CONFIG_I40EVF is not set
+# CONFIG_ICE is not set
+# CONFIG_FM10K is not set
+CONFIG_NET_VENDOR_EXAR=y
+# CONFIG_S2IO is not set
+# CONFIG_VXGE is not set
+# CONFIG_JME is not set
+CONFIG_NET_VENDOR_MARVELL=y
+# CONFIG_MVMDIO is not set
+# CONFIG_SKGE is not set
+# CONFIG_SKY2 is not set
+CONFIG_NET_VENDOR_MELLANOX=y
+# CONFIG_MLX4_EN is not set
+# CONFIG_MLX5_CORE is not set
+# CONFIG_MLXSW_CORE is not set
+# CONFIG_MLXFW is not set
+CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8851_MLL is not set
+# CONFIG_KSZ884X_PCI is not set
+CONFIG_NET_VENDOR_MICROSEMI=y
+CONFIG_NET_VENDOR_MYRI=y
+# CONFIG_MYRI10GE is not set
+# CONFIG_FEALNX is not set
+CONFIG_NET_VENDOR_NATSEMI=y
+# CONFIG_NATSEMI is not set
+# CONFIG_NS83820 is not set
+CONFIG_NET_VENDOR_NETRONOME=y
+# CONFIG_NFP is not set
+CONFIG_NET_VENDOR_NI=y
+CONFIG_NET_VENDOR_8390=y
+# CONFIG_NE2K_PCI is not set
+CONFIG_NET_VENDOR_NVIDIA=y
+# CONFIG_FORCEDETH is not set
+CONFIG_NET_VENDOR_OKI=y
+# CONFIG_ETHOC is not set
+CONFIG_NET_PACKET_ENGINE=y
+# CONFIG_HAMACHI is not set
+# CONFIG_YELLOWFIN is not set
+CONFIG_NET_VENDOR_QLOGIC=y
+# CONFIG_QLA3XXX is not set
+# CONFIG_QLCNIC is not set
+# CONFIG_QLGE is not set
+# CONFIG_NETXEN_NIC is not set
+# CONFIG_QED is not set
+CONFIG_NET_VENDOR_QUALCOMM=y
+# CONFIG_QCOM_EMAC is not set
+# CONFIG_RMNET is not set
+CONFIG_NET_VENDOR_RDC=y
+# CONFIG_R6040 is not set
+CONFIG_NET_VENDOR_REALTEK=y
+# CONFIG_8139CP is not set
+# CONFIG_8139TOO is not set
+# CONFIG_R8169 is not set
+CONFIG_NET_VENDOR_RENESAS=y
+CONFIG_NET_VENDOR_ROCKER=y
+CONFIG_NET_VENDOR_SAMSUNG=y
+# CONFIG_SXGBE_ETH is not set
+CONFIG_NET_VENDOR_SEEQ=y
+CONFIG_NET_VENDOR_SOLARFLARE=y
+# CONFIG_SFC is not set
+# CONFIG_SFC_FALCON is not set
+CONFIG_NET_VENDOR_SILAN=y
+# CONFIG_SC92031 is not set
+CONFIG_NET_VENDOR_SIS=y
+# CONFIG_SIS900 is not set
+# CONFIG_SIS190 is not set
+CONFIG_NET_VENDOR_SMSC=y
+# CONFIG_EPIC100 is not set
+# CONFIG_SMSC911X is not set
+# CONFIG_SMSC9420 is not set
+CONFIG_NET_VENDOR_SOCIONEXT=y
+CONFIG_NET_VENDOR_STMICRO=y
+# CONFIG_STMMAC_ETH is not set
+CONFIG_NET_VENDOR_SUN=y
+# CONFIG_HAPPYMEAL is not set
+# CONFIG_SUNGEM is not set
+# CONFIG_CASSINI is not set
+# CONFIG_NIU is not set
+CONFIG_NET_VENDOR_SYNOPSYS=y
+# CONFIG_DWC_XLGMAC is not set
+CONFIG_NET_VENDOR_TEHUTI=y
+# CONFIG_TEHUTI is not set
+CONFIG_NET_VENDOR_TI=y
+# CONFIG_TI_CPSW_ALE is not set
+# CONFIG_TLAN is not set
+CONFIG_NET_VENDOR_VIA=y
+# CONFIG_VIA_RHINE is not set
+# CONFIG_VIA_VELOCITY is not set
+CONFIG_NET_VENDOR_WIZNET=y
+# CONFIG_WIZNET_W5100 is not set
+# CONFIG_WIZNET_W5300 is not set
+# CONFIG_FDDI is not set
+# CONFIG_HIPPI is not set
+# CONFIG_NET_SB1000 is not set
+# CONFIG_MDIO_DEVICE is not set
+# CONFIG_PHYLIB is not set
+# CONFIG_PPP is not set
+# CONFIG_SLIP is not set
+
+#
+# Host-side USB support is needed for USB Network Adapter support
+#
+CONFIG_WLAN=y
+CONFIG_WLAN_VENDOR_ADMTEK=y
+CONFIG_WLAN_VENDOR_ATH=y
+# CONFIG_ATH_DEBUG is not set
+# CONFIG_ATH5K_PCI is not set
+CONFIG_WLAN_VENDOR_ATMEL=y
+CONFIG_WLAN_VENDOR_BROADCOM=y
+CONFIG_WLAN_VENDOR_CISCO=y
+CONFIG_WLAN_VENDOR_INTEL=y
+CONFIG_WLAN_VENDOR_INTERSIL=y
+# CONFIG_HOSTAP is not set
+# CONFIG_PRISM54 is not set
+CONFIG_WLAN_VENDOR_MARVELL=y
+CONFIG_WLAN_VENDOR_MEDIATEK=y
+CONFIG_WLAN_VENDOR_RALINK=y
+CONFIG_WLAN_VENDOR_REALTEK=y
+CONFIG_WLAN_VENDOR_RSI=y
+CONFIG_WLAN_VENDOR_ST=y
+CONFIG_WLAN_VENDOR_TI=y
+CONFIG_WLAN_VENDOR_ZYDAS=y
+CONFIG_WLAN_VENDOR_QUANTENNA=y
+
+#
+# Enable WiMAX (Networking options) to see the WiMAX drivers
+#
+# CONFIG_WAN is not set
+# CONFIG_VMXNET3 is not set
+# CONFIG_FUJITSU_ES is not set
+CONFIG_NET_FAILOVER=y
+# CONFIG_ISDN is not set
+# CONFIG_NVM is not set
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
+# CONFIG_INPUT_SPARSEKMAP is not set
+# CONFIG_INPUT_MATRIXKMAP is not set
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+# CONFIG_INPUT_JOYDEV is not set
+CONFIG_INPUT_EVDEV=y
+# CONFIG_INPUT_EVBUG is not set
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_SAMSUNG is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=y
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_BYD=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_CYPRESS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_SENTELIC is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_PS2_FOCALTECH=y
+# CONFIG_MOUSE_SERIAL is not set
+# CONFIG_MOUSE_APPLETOUCH is not set
+# CONFIG_MOUSE_BCM5974 is not set
+# CONFIG_MOUSE_VSXXXAA is not set
+# CONFIG_MOUSE_SYNAPTICS_USB is not set
+# CONFIG_INPUT_JOYSTICK is not set
+# CONFIG_INPUT_TABLET is not set
+# CONFIG_INPUT_TOUCHSCREEN is not set
+# CONFIG_INPUT_MISC is not set
+# CONFIG_RMI4_CORE is not set
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=y
+# CONFIG_SERIO_CT82C710 is not set
+# CONFIG_SERIO_PCIPS2 is not set
+CONFIG_SERIO_LIBPS2=y
+# CONFIG_SERIO_RAW is not set
+# CONFIG_SERIO_ALTERA_PS2 is not set
+# CONFIG_SERIO_PS2MULT is not set
+# CONFIG_SERIO_ARC_PS2 is not set
+# CONFIG_USERIO is not set
+# CONFIG_GAMEPORT is not set
+
+#
+# Character devices
+#
+CONFIG_TTY=y
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_VT_CONSOLE_SLEEP=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+CONFIG_UNIX98_PTYS=y
+CONFIG_LEGACY_PTYS=y
+CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_SERIAL_NONSTANDARD is not set
+# CONFIG_NOZOMI is not set
+# CONFIG_N_GSM is not set
+# CONFIG_TRACE_SINK is not set
+CONFIG_DEVMEM=y
+CONFIG_DEVKMEM=y
+
+#
+# Serial drivers
+#
+# CONFIG_SERIAL_8250 is not set
+
+#
+# Non-8250 serial port support
+#
+# CONFIG_SERIAL_UARTLITE is not set
+# CONFIG_SERIAL_JSM is not set
+# CONFIG_SERIAL_SCCNXP is not set
+# CONFIG_SERIAL_ALTERA_JTAGUART is not set
+# CONFIG_SERIAL_ALTERA_UART is not set
+# CONFIG_SERIAL_ARC is not set
+# CONFIG_SERIAL_RP2 is not set
+# CONFIG_SERIAL_FSL_LPUART is not set
+# CONFIG_SERIAL_DEV_BUS is not set
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+# CONFIG_IPMI_HANDLER is not set
+# CONFIG_HW_RANDOM is not set
+# CONFIG_NVRAM is not set
+# CONFIG_R3964 is not set
+# CONFIG_APPLICOM is not set
+# CONFIG_MWAVE is not set
+# CONFIG_RAW_DRIVER is not set
+# CONFIG_HPET is not set
+# CONFIG_HANGCHECK_TIMER is not set
+# CONFIG_TCG_TPM is not set
+# CONFIG_TELCLOCK is not set
+CONFIG_DEVPORT=y
+# CONFIG_XILLYBUS is not set
+
+#
+# I2C support
+#
+# CONFIG_I2C is not set
+# CONFIG_SPI is not set
+# CONFIG_SPMI is not set
+# CONFIG_HSI is not set
+# CONFIG_PPS is not set
+
+#
+# PTP clock support
+#
+# CONFIG_PTP_1588_CLOCK is not set
+
+#
+# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks.
+#
+# CONFIG_PINCTRL is not set
+# CONFIG_GPIOLIB is not set
+# CONFIG_W1 is not set
+# CONFIG_POWER_AVS is not set
+# CONFIG_POWER_RESET is not set
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+# CONFIG_PDA_POWER is not set
+# CONFIG_TEST_POWER is not set
+# CONFIG_BATTERY_DS2780 is not set
+# CONFIG_BATTERY_DS2781 is not set
+# CONFIG_BATTERY_BQ27XXX is not set
+# CONFIG_CHARGER_MAX8903 is not set
+CONFIG_HWMON=y
+# CONFIG_HWMON_DEBUG_CHIP is not set
+
+#
+# Native drivers
+#
+# CONFIG_SENSORS_ABITUGURU is not set
+# CONFIG_SENSORS_ABITUGURU3 is not set
+# CONFIG_SENSORS_K8TEMP is not set
+# CONFIG_SENSORS_K10TEMP is not set
+# CONFIG_SENSORS_FAM15H_POWER is not set
+# CONFIG_SENSORS_APPLESMC is not set
+# CONFIG_SENSORS_ASPEED is not set
+# CONFIG_SENSORS_DELL_SMM is not set
+# CONFIG_SENSORS_I5K_AMB is not set
+# CONFIG_SENSORS_F71805F is not set
+# CONFIG_SENSORS_F71882FG is not set
+# CONFIG_SENSORS_I5500 is not set
+# CONFIG_SENSORS_CORETEMP is not set
+# CONFIG_SENSORS_IT87 is not set
+# CONFIG_SENSORS_MAX197 is not set
+# CONFIG_SENSORS_PC87360 is not set
+# CONFIG_SENSORS_PC87427 is not set
+# CONFIG_SENSORS_NTC_THERMISTOR is not set
+# CONFIG_SENSORS_NCT6683 is not set
+# CONFIG_SENSORS_NCT6775 is not set
+# CONFIG_SENSORS_SIS5595 is not set
+# CONFIG_SENSORS_SMSC47M1 is not set
+# CONFIG_SENSORS_SMSC47B397 is not set
+# CONFIG_SENSORS_VIA_CPUTEMP is not set
+# CONFIG_SENSORS_VIA686A is not set
+# CONFIG_SENSORS_VT1211 is not set
+# CONFIG_SENSORS_VT8231 is not set
+# CONFIG_SENSORS_W83627HF is not set
+# CONFIG_SENSORS_W83627EHF is not set
+
+#
+# ACPI drivers
+#
+# CONFIG_SENSORS_ACPI_POWER is not set
+# CONFIG_SENSORS_ATK0110 is not set
+CONFIG_THERMAL=y
+# CONFIG_THERMAL_STATISTICS is not set
+CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0
+CONFIG_THERMAL_HWMON=y
+# CONFIG_THERMAL_WRITABLE_TRIPS is not set
+CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
+# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
+CONFIG_THERMAL_GOV_STEP_WISE=y
+# CONFIG_THERMAL_GOV_BANG_BANG is not set
+# CONFIG_THERMAL_GOV_USER_SPACE is not set
+# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set
+# CONFIG_THERMAL_EMULATION is not set
+# CONFIG_INTEL_POWERCLAMP is not set
+# CONFIG_INTEL_SOC_DTS_THERMAL is not set
+
+#
+# ACPI INT340X thermal drivers
+#
+# CONFIG_INT340X_THERMAL is not set
+# CONFIG_INTEL_PCH_THERMAL is not set
+# CONFIG_WATCHDOG is not set
+CONFIG_SSB_POSSIBLE=y
+# CONFIG_SSB is not set
+CONFIG_BCMA_POSSIBLE=y
+# CONFIG_BCMA is not set
+
+#
+# Multifunction device drivers
+#
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_HTC_PASIC3 is not set
+# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_INTEL_LPSS_ACPI is not set
+# CONFIG_MFD_INTEL_LPSS_PCI is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_KEMPLD is not set
+# CONFIG_MFD_MT6397 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_VX855 is not set
+# CONFIG_REGULATOR is not set
+CONFIG_RC_CORE=y
+CONFIG_RC_MAP=y
+# CONFIG_LIRC is not set
+CONFIG_RC_DECODERS=y
+CONFIG_IR_NEC_DECODER=y
+CONFIG_IR_RC5_DECODER=y
+CONFIG_IR_RC6_DECODER=y
+CONFIG_IR_JVC_DECODER=y
+CONFIG_IR_SONY_DECODER=y
+CONFIG_IR_SANYO_DECODER=y
+CONFIG_IR_SHARP_DECODER=y
+CONFIG_IR_MCE_KBD_DECODER=y
+CONFIG_IR_XMP_DECODER=y
+# CONFIG_IR_IMON_DECODER is not set
+# CONFIG_RC_DEVICES is not set
+# CONFIG_MEDIA_SUPPORT is not set
+
+#
+# Graphics support
+#
+# CONFIG_AGP is not set
+CONFIG_VGA_ARB=y
+CONFIG_VGA_ARB_MAX_GPUS=16
+# CONFIG_VGA_SWITCHEROO is not set
+# CONFIG_DRM is not set
+
+#
+# ACP (Audio CoProcessor) Configuration
+#
+
+#
+# AMD Library routines
+#
+
+#
+# Frame buffer Devices
+#
+# CONFIG_FB is not set
+# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_DUMMY_CONSOLE_COLUMNS=80
+CONFIG_DUMMY_CONSOLE_ROWS=25
+CONFIG_SOUND=y
+# CONFIG_SND is not set
+
+#
+# HID support
+#
+CONFIG_HID=y
+# CONFIG_HID_BATTERY_STRENGTH is not set
+# CONFIG_HIDRAW is not set
+# CONFIG_UHID is not set
+CONFIG_HID_GENERIC=y
+
+#
+# Special HID drivers
+#
+CONFIG_HID_A4TECH=y
+# CONFIG_HID_ACRUX is not set
+CONFIG_HID_APPLE=y
+# CONFIG_HID_AUREAL is not set
+CONFIG_HID_BELKIN=y
+CONFIG_HID_CHERRY=y
+CONFIG_HID_CHICONY=y
+# CONFIG_HID_CMEDIA is not set
+CONFIG_HID_CYPRESS=y
+# CONFIG_HID_DRAGONRISE is not set
+# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
+CONFIG_HID_EZKEY=y
+# CONFIG_HID_GEMBIRD is not set
+# CONFIG_HID_GFRM is not set
+# CONFIG_HID_KEYTOUCH is not set
+# CONFIG_HID_KYE is not set
+# CONFIG_HID_WALTOP is not set
+# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
+CONFIG_HID_ITE=y
+# CONFIG_HID_JABRA is not set
+# CONFIG_HID_TWINHAN is not set
+CONFIG_HID_KENSINGTON=y
+# CONFIG_HID_LCPOWER is not set
+# CONFIG_HID_LENOVO is not set
+CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_HIDPP is not set
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+# CONFIG_LOGIG940_FF is not set
+# CONFIG_LOGIWHEELS_FF is not set
+# CONFIG_HID_MAGICMOUSE is not set
+# CONFIG_HID_MAYFLASH is not set
+CONFIG_HID_REDRAGON=y
+CONFIG_HID_MICROSOFT=y
+CONFIG_HID_MONTEREY=y
+# CONFIG_HID_MULTITOUCH is not set
+# CONFIG_HID_NTI is not set
+# CONFIG_HID_ORTEK is not set
+# CONFIG_HID_PANTHERLORD is not set
+# CONFIG_HID_PETALYNX is not set
+# CONFIG_HID_PICOLCD is not set
+CONFIG_HID_PLANTRONICS=y
+# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_SAITEK is not set
+# CONFIG_HID_SAMSUNG is not set
+# CONFIG_HID_SPEEDLINK is not set
+# CONFIG_HID_STEAM is not set
+# CONFIG_HID_STEELSERIES is not set
+# CONFIG_HID_SUNPLUS is not set
+# CONFIG_HID_RMI is not set
+# CONFIG_HID_GREENASIA is not set
+# CONFIG_HID_SMARTJOYPLUS is not set
+# CONFIG_HID_TIVO is not set
+# CONFIG_HID_TOPSEED is not set
+# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_UDRAW_PS3 is not set
+# CONFIG_HID_XINMO is not set
+# CONFIG_HID_ZEROPLUS is not set
+# CONFIG_HID_ZYDACRON is not set
+# CONFIG_HID_SENSOR_HUB is not set
+# CONFIG_HID_ALPS is not set
+
+#
+# Intel ISH HID support
+#
+# CONFIG_INTEL_ISH_HID is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+# CONFIG_USB is not set
+CONFIG_USB_PCI=y
+
+#
+# USB port drivers
+#
+
+#
+# USB Physical Layer drivers
+#
+# CONFIG_NOP_USB_XCEIV is not set
+# CONFIG_USB_GADGET is not set
+# CONFIG_TYPEC is not set
+# CONFIG_USB_ULPI_BUS is not set
+# CONFIG_UWB is not set
+# CONFIG_MMC is not set
+# CONFIG_MEMSTICK is not set
+# CONFIG_NEW_LEDS is not set
+# CONFIG_ACCESSIBILITY is not set
+# CONFIG_INFINIBAND is not set
+CONFIG_EDAC_ATOMIC_SCRUB=y
+CONFIG_EDAC_SUPPORT=y
+CONFIG_RTC_LIB=y
+CONFIG_RTC_MC146818_LIB=y
+# CONFIG_RTC_CLASS is not set
+# CONFIG_DMADEVICES is not set
+
+#
+# DMABUF options
+#
+# CONFIG_SYNC_FILE is not set
+# CONFIG_AUXDISPLAY is not set
+# CONFIG_UIO is not set
+# CONFIG_VIRT_DRIVERS is not set
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_MENU=y
+CONFIG_VIRTIO_PCI=y
+CONFIG_VIRTIO_PCI_LEGACY=y
+CONFIG_VIRTIO_BALLOON=y
+# CONFIG_VIRTIO_INPUT is not set
+CONFIG_VIRTIO_MMIO=y
+# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set
+
+#
+# Microsoft Hyper-V guest support
+#
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+# CONFIG_ACER_WIRELESS is not set
+# CONFIG_ACERHDF is not set
+# CONFIG_DELL_SMBIOS is not set
+# CONFIG_DELL_SMO8800 is not set
+# CONFIG_FUJITSU_TABLET is not set
+# CONFIG_GPD_POCKET_FAN is not set
+# CONFIG_HP_ACCEL is not set
+# CONFIG_HP_WIRELESS is not set
+# CONFIG_SENSORS_HDAPS is not set
+# CONFIG_INTEL_MENLOW is not set
+# CONFIG_ASUS_WIRELESS is not set
+# CONFIG_ACPI_WMI is not set
+# CONFIG_TOPSTAR_LAPTOP is not set
+# CONFIG_TOSHIBA_BT_RFKILL is not set
+# CONFIG_TOSHIBA_HAPS is not set
+# CONFIG_ACPI_CMPC is not set
+# CONFIG_INTEL_HID_EVENT is not set
+# CONFIG_INTEL_VBTN is not set
+# CONFIG_INTEL_IPS is not set
+# CONFIG_INTEL_PMC_CORE is not set
+# CONFIG_IBM_RTL is not set
+# CONFIG_SAMSUNG_Q10 is not set
+# CONFIG_INTEL_RST is not set
+# CONFIG_INTEL_SMARTCONNECT is not set
+# CONFIG_PVPANIC is not set
+# CONFIG_INTEL_PMC_IPC is not set
+# CONFIG_SURFACE_PRO3_BUTTON is not set
+# CONFIG_INTEL_PUNIT_IPC is not set
+CONFIG_PMC_ATOM=y
+# CONFIG_CHROME_PLATFORMS is not set
+# CONFIG_MELLANOX_PLATFORM is not set
+CONFIG_CLKDEV_LOOKUP=y
+CONFIG_HAVE_CLK_PREPARE=y
+CONFIG_COMMON_CLK=y
+
+#
+# Common Clock Framework
+#
+# CONFIG_HWSPINLOCK is not set
+
+#
+# Clock Source drivers
+#
+CONFIG_CLKEVT_I8253=y
+CONFIG_I8253_LOCK=y
+CONFIG_CLKBLD_I8253=y
+# CONFIG_MAILBOX is not set
+CONFIG_IOMMU_SUPPORT=y
+
+#
+# Generic IOMMU Pagetable Support
+#
+# CONFIG_AMD_IOMMU is not set
+# CONFIG_INTEL_IOMMU is not set
+# CONFIG_IRQ_REMAP is not set
+
+#
+# Remoteproc drivers
+#
+# CONFIG_REMOTEPROC is not set
+
+#
+# Rpmsg drivers
+#
+# CONFIG_RPMSG_VIRTIO is not set
+# CONFIG_SOUNDWIRE is not set
+
+#
+# SOC (System On Chip) specific Drivers
+#
+
+#
+# Amlogic SoC drivers
+#
+
+#
+# Broadcom SoC drivers
+#
+
+#
+# i.MX SoC drivers
+#
+
+#
+# Qualcomm SoC drivers
+#
+# CONFIG_SOC_TI is not set
+
+#
+# Xilinx SoC drivers
+#
+# CONFIG_XILINX_VCU is not set
+# CONFIG_PM_DEVFREQ is not set
+# CONFIG_EXTCON is not set
+# CONFIG_MEMORY is not set
+# CONFIG_IIO is not set
+# CONFIG_NTB is not set
+# CONFIG_VME_BUS is not set
+# CONFIG_PWM is not set
+
+#
+# IRQ chip support
+#
+CONFIG_ARM_GIC_MAX_NR=1
+# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
+# CONFIG_FMC is not set
+
+#
+# PHY Subsystem
+#
+# CONFIG_GENERIC_PHY is not set
+# CONFIG_BCM_KONA_USB2_PHY is not set
+# CONFIG_PHY_PXA_28NM_HSIC is not set
+# CONFIG_PHY_PXA_28NM_USB2 is not set
+# CONFIG_POWERCAP is not set
+# CONFIG_MCB is not set
+
+#
+# Performance monitor support
+#
+# CONFIG_RAS is not set
+# CONFIG_THUNDERBOLT is not set
+
+#
+# Android
+#
+# CONFIG_ANDROID is not set
+# CONFIG_LIBNVDIMM is not set
+# CONFIG_DAX is not set
+# CONFIG_NVMEM is not set
+
+#
+# HW tracing support
+#
+# CONFIG_STM is not set
+# CONFIG_INTEL_TH is not set
+# CONFIG_FPGA is not set
+# CONFIG_UNISYS_VISORBUS is not set
+# CONFIG_SIOX is not set
+# CONFIG_SLIMBUS is not set
+
+#
+# Firmware Drivers
+#
+# CONFIG_EDD is not set
+CONFIG_FIRMWARE_MEMMAP=y
+# CONFIG_DELL_RBU is not set
+# CONFIG_DCDBAS is not set
+CONFIG_DMIID=y
+# CONFIG_DMI_SYSFS is not set
+CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+# CONFIG_FW_CFG_SYSFS is not set
+# CONFIG_GOOGLE_FIRMWARE is not set
+
+#
+# Tegra firmware driver
+#
+
+#
+# File systems
+#
+CONFIG_DCACHE_WORD_ACCESS=y
+CONFIG_FS_IOMAP=y
+CONFIG_EXT2_FS=y
+# CONFIG_EXT2_FS_XATTR is not set
+CONFIG_EXT3_FS=y
+# CONFIG_EXT3_FS_POSIX_ACL is not set
+# CONFIG_EXT3_FS_SECURITY is not set
+CONFIG_EXT4_FS=y
+# CONFIG_EXT4_FS_POSIX_ACL is not set
+# CONFIG_EXT4_FS_SECURITY is not set
+# CONFIG_EXT4_ENCRYPTION is not set
+# CONFIG_EXT4_DEBUG is not set
+CONFIG_JBD2=y
+# CONFIG_JBD2_DEBUG is not set
+CONFIG_FS_MBCACHE=y
+CONFIG_REISERFS_FS=y
+# CONFIG_REISERFS_CHECK is not set
+# CONFIG_REISERFS_PROC_INFO is not set
+# CONFIG_REISERFS_FS_XATTR is not set
+# CONFIG_JFS_FS is not set
+# CONFIG_XFS_FS is not set
+# CONFIG_GFS2_FS is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_NILFS2_FS is not set
+# CONFIG_F2FS_FS is not set
+# CONFIG_FS_DAX is not set
+CONFIG_FS_POSIX_ACL=y
+CONFIG_EXPORTFS=y
+# CONFIG_EXPORTFS_BLOCK_OPS is not set
+CONFIG_FILE_LOCKING=y
+CONFIG_MANDATORY_FILE_LOCKING=y
+# CONFIG_FS_ENCRYPTION is not set
+CONFIG_FSNOTIFY=y
+CONFIG_DNOTIFY=y
+CONFIG_INOTIFY_USER=y
+# CONFIG_FANOTIFY is not set
+CONFIG_QUOTA=y
+# CONFIG_QUOTA_NETLINK_INTERFACE is not set
+CONFIG_PRINT_QUOTA_WARNING=y
+# CONFIG_QUOTA_DEBUG is not set
+# CONFIG_QFMT_V1 is not set
+# CONFIG_QFMT_V2 is not set
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS4_FS=y
+CONFIG_AUTOFS_FS=y
+# CONFIG_FUSE_FS is not set
+# CONFIG_OVERLAY_FS is not set
+
+#
+# Caches
+#
+# CONFIG_FSCACHE is not set
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+# CONFIG_ZISOFS is not set
+# CONFIG_UDF_FS is not set
+
+#
+# DOS/FAT/NT Filesystems
+#
+# CONFIG_MSDOS_FS is not set
+# CONFIG_VFAT_FS is not set
+# CONFIG_NTFS_FS is not set
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_KCORE=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_PROC_PAGE_MONITOR=y
+# CONFIG_PROC_CHILDREN is not set
+CONFIG_KERNFS=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_TMPFS_XATTR is not set
+# CONFIG_HUGETLBFS is not set
+CONFIG_MEMFD_CREATE=y
+# CONFIG_CONFIGFS_FS is not set
+CONFIG_MISC_FILESYSTEMS=y
+# CONFIG_ORANGEFS_FS is not set
+# CONFIG_ADFS_FS is not set
+# CONFIG_AFFS_FS is not set
+# CONFIG_ECRYPT_FS is not set
+# CONFIG_HFS_FS is not set
+# CONFIG_HFSPLUS_FS is not set
+# CONFIG_BEFS_FS is not set
+# CONFIG_BFS_FS is not set
+# CONFIG_EFS_FS is not set
+# CONFIG_CRAMFS is not set
+# CONFIG_SQUASHFS is not set
+# CONFIG_VXFS_FS is not set
+# CONFIG_MINIX_FS is not set
+# CONFIG_OMFS_FS is not set
+# CONFIG_HPFS_FS is not set
+# CONFIG_QNX4FS_FS is not set
+# CONFIG_QNX6FS_FS is not set
+# CONFIG_ROMFS_FS is not set
+# CONFIG_PSTORE is not set
+# CONFIG_SYSV_FS is not set
+# CONFIG_UFS_FS is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+# CONFIG_NFS_FS is not set
+# CONFIG_NFSD is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_CODA_FS is not set
+# CONFIG_AFS_FS is not set
+CONFIG_9P_FS=y
+CONFIG_9P_FS_POSIX_ACL=y
+# CONFIG_9P_FS_SECURITY is not set
+CONFIG_NLS=y
+CONFIG_NLS_DEFAULT="iso8859-1"
+# CONFIG_NLS_CODEPAGE_437 is not set
+# CONFIG_NLS_CODEPAGE_737 is not set
+# CONFIG_NLS_CODEPAGE_775 is not set
+# CONFIG_NLS_CODEPAGE_850 is not set
+# CONFIG_NLS_CODEPAGE_852 is not set
+# CONFIG_NLS_CODEPAGE_855 is not set
+# CONFIG_NLS_CODEPAGE_857 is not set
+# CONFIG_NLS_CODEPAGE_860 is not set
+# CONFIG_NLS_CODEPAGE_861 is not set
+# CONFIG_NLS_CODEPAGE_862 is not set
+# CONFIG_NLS_CODEPAGE_863 is not set
+# CONFIG_NLS_CODEPAGE_864 is not set
+# CONFIG_NLS_CODEPAGE_865 is not set
+# CONFIG_NLS_CODEPAGE_866 is not set
+# CONFIG_NLS_CODEPAGE_869 is not set
+# CONFIG_NLS_CODEPAGE_936 is not set
+# CONFIG_NLS_CODEPAGE_950 is not set
+# CONFIG_NLS_CODEPAGE_932 is not set
+# CONFIG_NLS_CODEPAGE_949 is not set
+# CONFIG_NLS_CODEPAGE_874 is not set
+# CONFIG_NLS_ISO8859_8 is not set
+# CONFIG_NLS_CODEPAGE_1250 is not set
+# CONFIG_NLS_CODEPAGE_1251 is not set
+# CONFIG_NLS_ASCII is not set
+# CONFIG_NLS_ISO8859_1 is not set
+# CONFIG_NLS_ISO8859_2 is not set
+# CONFIG_NLS_ISO8859_3 is not set
+# CONFIG_NLS_ISO8859_4 is not set
+# CONFIG_NLS_ISO8859_5 is not set
+# CONFIG_NLS_ISO8859_6 is not set
+# CONFIG_NLS_ISO8859_7 is not set
+# CONFIG_NLS_ISO8859_9 is not set
+# CONFIG_NLS_ISO8859_13 is not set
+# CONFIG_NLS_ISO8859_14 is not set
+# CONFIG_NLS_ISO8859_15 is not set
+# CONFIG_NLS_KOI8_R is not set
+# CONFIG_NLS_KOI8_U is not set
+# CONFIG_NLS_MAC_ROMAN is not set
+# CONFIG_NLS_MAC_CELTIC is not set
+# CONFIG_NLS_MAC_CENTEURO is not set
+# CONFIG_NLS_MAC_CROATIAN is not set
+# CONFIG_NLS_MAC_CYRILLIC is not set
+# CONFIG_NLS_MAC_GAELIC is not set
+# CONFIG_NLS_MAC_GREEK is not set
+# CONFIG_NLS_MAC_ICELAND is not set
+# CONFIG_NLS_MAC_INUIT is not set
+# CONFIG_NLS_MAC_ROMANIAN is not set
+# CONFIG_NLS_MAC_TURKISH is not set
+# CONFIG_NLS_UTF8 is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+
+#
+# printk and dmesg options
+#
+# CONFIG_PRINTK_TIME is not set
+CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
+CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
+
+#
+# Compile-time checks and compiler options
+#
+CONFIG_DEBUG_INFO=y
+# CONFIG_DEBUG_INFO_REDUCED is not set
+# CONFIG_DEBUG_INFO_SPLIT is not set
+# CONFIG_DEBUG_INFO_DWARF4 is not set
+# CONFIG_GDB_SCRIPTS is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+CONFIG_ENABLE_MUST_CHECK=y
+CONFIG_FRAME_WARN=1024
+# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_PAGE_OWNER is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_SECTION_MISMATCH is not set
+CONFIG_SECTION_MISMATCH_WARN_ONLY=y
+CONFIG_STACK_VALIDATION=y
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
+# CONFIG_MAGIC_SYSRQ is not set
+CONFIG_DEBUG_KERNEL=y
+
+#
+# Memory Debugging
+#
+# CONFIG_PAGE_EXTENSION is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
+# CONFIG_PAGE_POISONING is not set
+CONFIG_DEBUG_RODATA_TEST=y
+# CONFIG_DEBUG_OBJECTS is not set
+# CONFIG_DEBUG_SLAB is not set
+CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
+CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
+# CONFIG_DEBUG_VIRTUAL is not set
+CONFIG_DEBUG_MEMORY_INIT=y
+CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
+CONFIG_HAVE_ARCH_KASAN=y
+# CONFIG_KASAN is not set
+CONFIG_ARCH_HAS_KCOV=y
+# CONFIG_DEBUG_SHIRQ is not set
+
+#
+# Debug Lockups and Hangs
+#
+# CONFIG_SOFTLOCKUP_DETECTOR is not set
+CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
+# CONFIG_HARDLOCKUP_DETECTOR is not set
+CONFIG_DETECT_HUNG_TASK=y
+CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120
+# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
+CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
+# CONFIG_WQ_WATCHDOG is not set
+# CONFIG_PANIC_ON_OOPS is not set
+CONFIG_PANIC_ON_OOPS_VALUE=0
+CONFIG_PANIC_TIMEOUT=0
+# CONFIG_SCHED_DEBUG is not set
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_SCHED_STACK_END_CHECK is not set
+# CONFIG_DEBUG_TIMEKEEPING is not set
+
+#
+# Lock Debugging (spinlocks, mutexes, etc...)
+#
+CONFIG_LOCK_DEBUGGING_SUPPORT=y
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
+# CONFIG_WW_MUTEX_SELFTEST is not set
+# CONFIG_STACKTRACE is not set
+# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
+# CONFIG_DEBUG_KOBJECT is not set
+CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
+
+#
+# RCU Debugging
+#
+# CONFIG_RCU_PERF_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
+CONFIG_HAVE_FENTRY=y
+CONFIG_HAVE_C_RECORDMCOUNT=y
+CONFIG_TRACING_SUPPORT=y
+CONFIG_FTRACE=y
+# CONFIG_FUNCTION_TRACER is not set
+# CONFIG_IRQSOFF_TRACER is not set
+# CONFIG_SCHED_TRACER is not set
+# CONFIG_HWLAT_TRACER is not set
+# CONFIG_ENABLE_DEFAULT_TRACERS is not set
+# CONFIG_FTRACE_SYSCALLS is not set
+# CONFIG_TRACER_SNAPSHOT is not set
+CONFIG_BRANCH_PROFILE_NONE=y
+# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
+# CONFIG_PROFILE_ALL_BRANCHES is not set
+# CONFIG_STACK_TRACER is not set
+# CONFIG_BLK_DEV_IO_TRACE is not set
+# CONFIG_UPROBE_EVENTS is not set
+# CONFIG_MMIOTRACE is not set
+# CONFIG_HIST_TRIGGERS is not set
+# CONFIG_TRACEPOINT_BENCHMARK is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_DMA_API_DEBUG is not set
+CONFIG_RUNTIME_TESTING_MENU=y
+# CONFIG_TEST_LIST_SORT is not set
+# CONFIG_TEST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_INTERVAL_TREE_TEST is not set
+# CONFIG_ATOMIC64_SELFTEST is not set
+# CONFIG_TEST_HEXDUMP is not set
+# CONFIG_TEST_STRING_HELPERS is not set
+# CONFIG_TEST_KSTRTOX is not set
+# CONFIG_TEST_PRINTF is not set
+# CONFIG_TEST_BITMAP is not set
+# CONFIG_TEST_UUID is not set
+# CONFIG_TEST_OVERFLOW is not set
+# CONFIG_TEST_RHASHTABLE is not set
+# CONFIG_TEST_HASH is not set
+# CONFIG_FIND_BIT_BENCHMARK is not set
+# CONFIG_TEST_FIRMWARE is not set
+# CONFIG_TEST_SYSCTL is not set
+# CONFIG_TEST_UDELAY is not set
+# CONFIG_MEMTEST is not set
+# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
+CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_UBSAN is not set
+CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
+# CONFIG_STRICT_DEVMEM is not set
+CONFIG_X86_VERBOSE_BOOTUP=y
+CONFIG_EARLY_PRINTK=y
+# CONFIG_EARLY_PRINTK_DBGP is not set
+# CONFIG_EARLY_PRINTK_USB_XDBC is not set
+# CONFIG_X86_PTDUMP is not set
+# CONFIG_DEBUG_WX is not set
+CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
+# CONFIG_IOMMU_DEBUG is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
+# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_ENTRY is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+CONFIG_X86_DEBUG_FPU=y
+# CONFIG_PUNIT_ATOM_DEBUG is not set
+CONFIG_UNWINDER_ORC=y
+# CONFIG_UNWINDER_FRAME_POINTER is not set
+
+#
+# Security options
+#
+CONFIG_KEYS=y
+# CONFIG_PERSISTENT_KEYRINGS is not set
+# CONFIG_BIG_KEYS is not set
+# CONFIG_ENCRYPTED_KEYS is not set
+# CONFIG_KEY_DH_OPERATIONS is not set
+# CONFIG_SECURITY_DMESG_RESTRICT is not set
+# CONFIG_SECURITY is not set
+# CONFIG_SECURITYFS is not set
+CONFIG_PAGE_TABLE_ISOLATION=y
+CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
+# CONFIG_HARDENED_USERCOPY is not set
+# CONFIG_FORTIFY_SOURCE is not set
+# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_DEFAULT_SECURITY_DAC=y
+CONFIG_DEFAULT_SECURITY=""
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=y
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=y
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_RNG_DEFAULT=y
+CONFIG_CRYPTO_AKCIPHER2=y
+CONFIG_CRYPTO_AKCIPHER=y
+CONFIG_CRYPTO_KPP2=y
+CONFIG_CRYPTO_KPP=y
+CONFIG_CRYPTO_ACOMP2=y
+CONFIG_CRYPTO_RSA=y
+CONFIG_CRYPTO_DH=y
+CONFIG_CRYPTO_ECDH=y
+CONFIG_CRYPTO_MANAGER=y
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
+CONFIG_CRYPTO_GF128MUL=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_WORKQUEUE=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_MCRYPTD=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_SIMD=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_CHACHA20POLY1305=y
+# CONFIG_CRYPTO_AEGIS128 is not set
+# CONFIG_CRYPTO_AEGIS128L is not set
+# CONFIG_CRYPTO_AEGIS256 is not set
+# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set
+# CONFIG_CRYPTO_AEGIS128L_AESNI_SSE2 is not set
+# CONFIG_CRYPTO_AEGIS256_AESNI_SSE2 is not set
+# CONFIG_CRYPTO_MORUS640 is not set
+# CONFIG_CRYPTO_MORUS640_SSE2 is not set
+# CONFIG_CRYPTO_MORUS1280 is not set
+# CONFIG_CRYPTO_MORUS1280_SSE2 is not set
+# CONFIG_CRYPTO_MORUS1280_AVX2 is not set
+CONFIG_CRYPTO_SEQIV=y
+CONFIG_CRYPTO_ECHAINIV=y
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=y
+# CONFIG_CRYPTO_CFB is not set
+CONFIG_CRYPTO_CTR=y
+# CONFIG_CRYPTO_CTS is not set
+CONFIG_CRYPTO_ECB=y
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=y
+CONFIG_CRYPTO_XTS=y
+# CONFIG_CRYPTO_KEYWRAP is not set
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_CMAC=y
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=y
+# CONFIG_CRYPTO_VMAC is not set
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=y
+# CONFIG_CRYPTO_CRC32C_INTEL is not set
+# CONFIG_CRYPTO_CRC32 is not set
+# CONFIG_CRYPTO_CRC32_PCLMUL is not set
+# CONFIG_CRYPTO_CRCT10DIF is not set
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_POLY1305=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
+CONFIG_CRYPTO_MD4=y
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=y
+CONFIG_CRYPTO_RMD128=y
+CONFIG_CRYPTO_RMD160=y
+CONFIG_CRYPTO_RMD256=y
+CONFIG_CRYPTO_RMD320=y
+CONFIG_CRYPTO_SHA1=y
+# CONFIG_CRYPTO_SHA1_SSSE3 is not set
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+# CONFIG_CRYPTO_SHA1_MB is not set
+CONFIG_CRYPTO_SHA256_MB=y
+CONFIG_CRYPTO_SHA512_MB=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=y
+CONFIG_CRYPTO_SHA3=y
+CONFIG_CRYPTO_SM3=y
+CONFIG_CRYPTO_TGR192=y
+CONFIG_CRYPTO_WP512=y
+# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=y
+# CONFIG_CRYPTO_AES_TI is not set
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=y
+CONFIG_CRYPTO_ARC4=y
+CONFIG_CRYPTO_BLOWFISH=y
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
+CONFIG_CRYPTO_CAMELLIA=y
+CONFIG_CRYPTO_CAMELLIA_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=y
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=y
+CONFIG_CRYPTO_CAST_COMMON=y
+CONFIG_CRYPTO_CAST5=y
+CONFIG_CRYPTO_CAST5_AVX_X86_64=y
+CONFIG_CRYPTO_CAST6=y
+CONFIG_CRYPTO_CAST6_AVX_X86_64=y
+CONFIG_CRYPTO_DES=y
+# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set
+CONFIG_CRYPTO_FCRYPT=y
+CONFIG_CRYPTO_KHAZAD=y
+CONFIG_CRYPTO_SALSA20=y
+CONFIG_CRYPTO_CHACHA20=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
+CONFIG_CRYPTO_SEED=y
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=y
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=y
+CONFIG_CRYPTO_SM4=y
+# CONFIG_CRYPTO_SPECK is not set
+CONFIG_CRYPTO_TEA=y
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=y
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=y
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=y
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=y
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_842=y
+CONFIG_CRYPTO_LZ4=y
+CONFIG_CRYPTO_LZ4HC=y
+# CONFIG_CRYPTO_ZSTD is not set
+
+#
+# Random Number Generation
+#
+# CONFIG_CRYPTO_ANSI_CPRNG is not set
+CONFIG_CRYPTO_DRBG_MENU=y
+CONFIG_CRYPTO_DRBG_HMAC=y
+CONFIG_CRYPTO_DRBG_HASH=y
+CONFIG_CRYPTO_DRBG_CTR=y
+CONFIG_CRYPTO_DRBG=y
+CONFIG_CRYPTO_JITTERENTROPY=y
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+# CONFIG_CRYPTO_USER_API_RNG is not set
+CONFIG_CRYPTO_USER_API_AEAD=y
+CONFIG_CRYPTO_HASH_INFO=y
+# CONFIG_CRYPTO_HW is not set
+CONFIG_ASYMMETRIC_KEY_TYPE=y
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+
+#
+# Certificates for signature checking
+#
+CONFIG_SYSTEM_TRUSTED_KEYRING=y
+CONFIG_SYSTEM_TRUSTED_KEYS=""
+# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
+# CONFIG_SECONDARY_TRUSTED_KEYRING is not set
+# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
+CONFIG_HAVE_KVM=y
+CONFIG_VIRTUALIZATION=y
+# CONFIG_KVM is not set
+# CONFIG_VHOST_NET is not set
+# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=y
+CONFIG_RATIONAL=y
+CONFIG_GENERIC_STRNCPY_FROM_USER=y
+CONFIG_GENERIC_STRNLEN_USER=y
+CONFIG_GENERIC_NET_UTILS=y
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_PCI_IOMAP=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
+CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
+CONFIG_CRC_CCITT=y
+CONFIG_CRC16=y
+# CONFIG_CRC_T10DIF is not set
+CONFIG_CRC_ITU_T=y
+CONFIG_CRC32=y
+# CONFIG_CRC32_SELFTEST is not set
+CONFIG_CRC32_SLICEBY8=y
+# CONFIG_CRC32_SLICEBY4 is not set
+# CONFIG_CRC32_SARWATE is not set
+# CONFIG_CRC32_BIT is not set
+# CONFIG_CRC4 is not set
+CONFIG_CRC7=y
+CONFIG_LIBCRC32C=y
+# CONFIG_CRC8 is not set
+# CONFIG_RANDOM32_SELFTEST is not set
+CONFIG_842_COMPRESS=y
+CONFIG_842_DECOMPRESS=y
+CONFIG_ZLIB_INFLATE=y
+CONFIG_ZLIB_DEFLATE=y
+CONFIG_LZO_COMPRESS=y
+CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=y
+CONFIG_LZ4HC_COMPRESS=y
+CONFIG_LZ4_DECOMPRESS=y
+# CONFIG_XZ_DEC is not set
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=y
+CONFIG_TEXTSEARCH_BM=y
+CONFIG_TEXTSEARCH_FSM=y
+CONFIG_ASSOCIATIVE_ARRAY=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT_MAP=y
+CONFIG_HAS_DMA=y
+CONFIG_NEED_SG_DMA_LENGTH=y
+CONFIG_NEED_DMA_MAP_STATE=y
+CONFIG_ARCH_DMA_ADDR_T_64BIT=y
+CONFIG_DMA_DIRECT_OPS=y
+CONFIG_SWIOTLB=y
+CONFIG_SGL_ALLOC=y
+CONFIG_IOMMU_HELPER=y
+CONFIG_DQL=y
+CONFIG_NLATTR=y
+CONFIG_CLZ_TAB=y
+# CONFIG_CORDIC is not set
+# CONFIG_DDR is not set
+# CONFIG_IRQ_POLL is not set
+CONFIG_MPILIB=y
+CONFIG_OID_REGISTRY=y
+CONFIG_ARCH_HAS_SG_CHAIN=y
+CONFIG_ARCH_HAS_PMEM_API=y
+CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
+CONFIG_SBITMAP=y
+# CONFIG_STRING_SELFTEST is not set
diff --git a/testing/do-tests b/testing/do-tests
index 641529533..52d0d70eb 100755
--- a/testing/do-tests
+++ b/testing/do-tests
@@ -444,20 +444,22 @@ do
next
}
printf("cmd_err=\044(tempfile -p test -s err); ")
+ printf("cmd_out=\044(tempfile -p test -s out); ")
if (command == "tcpdump")
{
printf("if [ \044TDUP_%s == \"true\" ]; then stop_tcpdump %s; fi; \n", host, host)
- printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log | grep \"%s\"); ", host, pattern)
+ printf("ssh \044SSHCONF root@\044ipv4_%s cat /tmp/tcpdump.log > \044cmd_out; ", host)
}
else
{
- printf("cmd_out=\044(ssh \044SSHCONF root@\044ipv4_%s %s 2>\044cmd_err | grep \"%s\"); ", host, command, pattern)
+ printf("ssh \044SSHCONF root@\044ipv4_%s %s >\044cmd_out 2>\044cmd_err; ", host, command)
}
+ printf("cmd_res=\044(cat \044cmd_out | grep \"%s\"); ", pattern)
printf("cmd_exit=\044?; ")
printf("cmd_fail=0; ")
if (hit ~ /^[0-9]+$/)
{
- printf("if [ \044(echo \"\044cmd_out\" | wc -l) -ne %d ] ", hit)
+ printf("if [ \044(echo \"\044cmd_res\" | wc -l) -ne %d ] ", hit)
}
else
{
@@ -475,9 +477,14 @@ do
{
printf("echo \"$(print_time)%s# %s | grep \047%s\047 [%s]\"; ", host, command, pattern, hit)
}
- printf("if [ -n \"\044cmd_out\" ]; then echo \"\044cmd_out\"; fi; \n")
- printf("cat \044cmd_err; rm -f -- \044cmd_err; \n")
- printf("if [ \044cmd_fail -ne 0 ]; then echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n")
+ printf("if [ -n \"\044cmd_res\" ]; then echo \"\044cmd_res\"; fi; \n")
+ printf("cat \044cmd_err; \n")
+ printf("if [ \044cmd_fail -ne 0 ]; then \n")
+ printf("if [ -s \044cmd_out ]; then echo \"~~ output ~~~~~~~~~~\"; \n")
+ printf("if [ \"\044verbose\" == \"YES\" ]; then cat \044cmd_out;\n")
+ printf("else cat \044cmd_out | head; fi; fi; \n")
+ printf("echo \"~~~~~~~~~~~~~~~~~~~~\"; fi; \n")
+ printf("rm -f -- \044cmd_out \044cmd_err; \n")
printf("echo; ")
}' $TESTDIR/evaltest.dat` >> $CONSOLE_LOG 2>&1
diff --git a/testing/hosts/default/usr/local/bin/systemctl b/testing/hosts/default/usr/local/bin/systemctl
new file mode 100755
index 000000000..bbe2bc9b3
--- /dev/null
+++ b/testing/hosts/default/usr/local/bin/systemctl
@@ -0,0 +1,22 @@
+#!/bin/bash
+#
+# LEAK_DETECTIVE_LOG is set for automated runs, however, this is not passed
+# to a process started via systemctl. This wrapper is used to set the variable
+# for the strongswan-swanctl.service unit.
+
+ORIG=/bin/systemctl
+CONF=/lib/systemd/system/strongswan-swanctl.service
+
+if [[ "$2" != "strongswan-swanctl" ]]; then
+ $ORIG "$@"
+fi
+
+if [[ "$1" == "start" && -n $LEAK_DETECTIVE_LOG ]]; then
+ sed -i "s:Type=:Environment=LEAK_DETECTIVE_LOG=$LEAK_DETECTIVE_LOG\nType=:" $CONF 2>/dev/null
+fi
+
+$ORIG "$@"
+
+if [[ "$1" == "stop" ]]; then
+ sed -i '/LEAK_DETECTIVE_LOG/d' $CONF 2>/dev/null
+fi
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
index 1f01a4c26..bc6b9d648 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt
@@ -2,12 +2,19 @@ R 130621144307Z 130627211828Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=
R 130621161252Z 080622162459Z,keyCompromise 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
R 130621161359Z 130627211849Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
R 130621162918Z 130627211852Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V 140611160633Z 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
-V 140611160706Z 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
-V 180602071743Z 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
-V 180602072050Z 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
-V 180602072738Z 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V 180602073154Z 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
-V 180602073328Z 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
-V 180602073519Z 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
-V 180602100216Z 0D unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+R 140611160633Z 180613112511Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+R 140611160706Z 180613112516Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+R 180602071743Z 180613112520Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+R 180602072050Z 180613112523Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+R 180602072738Z 180613112527Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R 180602073154Z 180613112530Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+R 180602073328Z 180613112534Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+R 180602073519Z 180613112537Z,superseded 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+R 180602100216Z 180613112944Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=ECSA 521 bit/CN=moon.strongswan.org
+V 230611120443Z 0E unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+V 230611121031Z 0F unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+V 230611121121Z 10 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+V 230611123432Z 11 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+V 230611123524Z 12 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+V 230611143131Z 13 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+V 230611143151Z 14 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old
index bb87bbd13..aa36356e7 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/index.txt.old
@@ -1,5 +1,19 @@
-V 130621144307Z 01 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
-R 130621161252Z 080622162459Z 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V 130621161359Z 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
-V 130621162918Z 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
-V 140611160633Z 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+R 130621144307Z 130627211828Z,superseded 01 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+R 130621161252Z 080622162459Z,keyCompromise 02 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R 130621161359Z 130627211849Z,superseded 03 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+R 130621162918Z 130627211852Z,superseded 04 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R 140611160633Z 180613112511Z,superseded 05 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+R 140611160706Z 180613112516Z,superseded 06 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+R 180602071743Z 180613112520Z,superseded 07 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
+R 180602072050Z 180613112523Z,superseded 08 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=moon.strongswan.org
+R 180602072738Z 180613112527Z,superseded 09 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+R 180602073154Z 180613112530Z,superseded 0A unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+R 180602073328Z 180613112534Z,superseded 0B unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+R 180602073519Z 180613112537Z,superseded 0C unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+R 180602100216Z 180613112944Z,superseded 0D unknown /C=CH/O=Linux strongSwan/OU=ECSA 521 bit/CN=moon.strongswan.org
+V 230611120443Z 0E unknown /C=CH/O=Linux strongSwan/OU=ECDSA 521 bit/CN=moon.strongswan.org
+V 230611121031Z 0F unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=dave@strongswan.org
+V 230611121121Z 10 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=carol@strongswan.org
+V 230611123432Z 11 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 384 bit/CN=carol@strongswan.org
+V 230611123524Z 12 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=dave@strongswan.org
+V 230611143131Z 13 unknown /C=CH/O=Linux strongSwan/OU=ECDSA 256 bit/CN=moon.strongswan.org
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem
new file mode 100644
index 000000000..a4962286e
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0E.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI
+zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr
+dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx
+JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu
+M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl
+8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB
+7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G
+A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
+aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq
+hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT
+tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8
+ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN
+Vjo6NkA=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem
new file mode 100644
index 000000000..35b3df49a
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/0F.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5
+7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ
+rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq
+duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2
+d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP
+GnRyvRuhwRkbBIGt6l1mbA==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem
new file mode 100644
index 000000000..646f6e8e3
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/10.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem
new file mode 100644
index 000000000..f3f4c6671
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/11.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAm+gAwIBAgIBETAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzEyMzQzMloXDTIzMDYxMTEyMzQzMlowXzELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAExm8lmoXGUfLL8xzhhQFmadz7SjPdubASbH9m+t7h30OV
+yo+NPmtve7uqrWzttyWfqR7tFSOLtP5joj8U9E580ilT/2MsjVQJpKOFpYaggPUK
+f+fhRwfQMUunyyAoIRSbo4IBFDCCARAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw
+HQYDVR0OBBYEFCQeIdu6skXTNWUg5w1Eb9HR1dU2MHgGA1UdIwRxMG+AFLpd+XG2
+E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
+dXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA
+9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwPAYDVR0f
+BDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2Fu
+X2VjLmNybDAKBggqhkjOPQQDAgOBjAAwgYgCQgGptTrYfjcWM+P66K5W+sq1d4X6
+E0+I2lXRKRiku2vPjpTQZJim4k4pAJNC19R2CCJMBgqab1ROUUsHMMHBNcyR/gJC
+AN6S1J68o3UTQwAyN/zXW4ur8cxsPKV9uZYoz7O6Snz+eTliz/g8NPtfLYUseCii
+VoXhdWwKkiRd8Cjck+RJHVWh
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem
new file mode 100644
index 000000000..0f6315794
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/12.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAlCgAwIBAgIBEjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzEyMzUyNFoXDTIzMDYxMTEyMzUyNFowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATRc+i666sxHVohZ/4ld8ffz2xoa+x9+7TzM689nczQ
+oZMs3+AJIjjNzdjvEe6kPHW73p51IdtlVF97Ib62hgQuo4IBEzCCAQ8wCQYDVR0T
+BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDA3QkktCD5ZvWeiepNeQPWpcKP8
+MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYETZGF2ZUBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GKADCBhgJBOrfM
+xT0Cn1uXVvuS977ANQZwzAX4O9y5POFXBkDKLFPL9hgWg7jxhREkDRcvViovMmiM
+EAjoEZLD8SysfYrRZxcCQXtgWTfS2GAIDSQS1of1so/8Z/xZdfoIWxRoZ/xmH7jY
+Yt3wK6yGjziEbX9LGN4MkOwkJKjEkTwbTygv7Wt3arz/
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem
new file mode 100644
index 000000000..961c8bec8
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/13.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAlCgAwIBAgIBEzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzE0MzEzMVoXDTIzMDYxMTE0MzEzMVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATCqc/Wov++N8wvG3IhsEAxa38bxoIBPQZeOqMyi/lV
+breEsOSJD/POV3gkt1lKOaQ502XdJcjdAvCqjtbpzCMWo4IBEzCCAQ8wCQYDVR0T
+BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFAtkayAwMYDQqnlKDRvm7HNCIxY8
+MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYITbW9vbi5zdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GLADCBhwJBVnfl
+l9eV6R+jNdUCuz+yDdM7c1UpQ+Qy7rtXq50KZY7d1xJsTk152LxXIkO8EJnHmO4l
+s39RHlGXItWcYGffXIICQgCLB+R8QFnMcKlgpjrxsuO/Ljg1RcMav3y3zaHJJJLT
+eJBEL7RhDaPGcJ/hKU4TPwvSEIkswQaDnN+oAZiz/gFDUw==
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem
new file mode 100644
index 000000000..a71ffdca1
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/newcerts/14.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAm2gAwIBAgIBFDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
+A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
+b290IENBMB4XDTE4MDYxMzE0MzE1MVoXDTIzMDYxMTE0MzE1MVowXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q4+MyOBab2jzM
+AVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSBwyYzL9+Nhnam
+F6qMSaPBnIE2CK2hgqGjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUT4FEmRbCvjxKsXqruiQgzC50pj0weAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYsAMIGHAkIAhHCvrcHfCJbPcNDdyT4x3F3V2wq7
+96TzcVzlLJ+zSxr3Xo3eqOZaxAlnnoI4aQIukZ0RXzSCebDrOL9+k+5uRakCQU9k
+W5MphqYKOys+lQmpKBEnzZlM1QvFfUUiXwoxN8Ilc9c0nSVXKl9m/uPgP7GZjvaE
+J4juvRKmi2nMoxWIJtMt
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/serial b/testing/hosts/winnetou/etc/openssl/ecdsa/serial
index ff470b05e..60d3b2f4a 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/serial
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/serial
@@ -1 +1 @@
-0E
+15
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old b/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old
index cd672a533..8351c1939 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/serial.old
@@ -1 +1 @@
-06
+14
diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem
new file mode 100644
index 000000000..70d7664af
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ed25519/newcerts/carolPolicyCert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/DCCAa6gAwIBAgIBBTAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
+EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
+IFJvb3QgQ0EwHhcNMTgwNjIxMTQzMDU1WhcNMjMwNjIxMTQzMDU1WjBbMQswCQYD
+VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
+ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh
+APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GiMIGfMB8GA1UdIwQY
+MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u
+Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
+bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAYBgNVHSAEETAPMA0GCysGAQQB
+gqAqAQEBMAUGAytlcANBAJAqyQd0TjQUTba+9NzVdboKhq3D6I/go7wjzx9G2O5s
+xn1QimUMNHpY4i8eDD9ISvZIR2sziZgm79zV/sY1bQw=
+-----END CERTIFICATE-----
diff --git a/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem
new file mode 100644
index 000000000..ec34ff0b0
--- /dev/null
+++ b/testing/hosts/winnetou/etc/openssl/ed25519/strongswan_ed25519PolicyCert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
+GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
+RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
+TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
+A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
+lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
+MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw
+A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg
+GjZr7I5qruXG76jCbjDTlGSbBA==
+-----END CERTIFICATE-----
diff --git a/testing/scripts/build-strongswan b/testing/scripts/build-strongswan
index 150fce30c..13fd1e691 100755
--- a/testing/scripts/build-strongswan
+++ b/testing/scripts/build-strongswan
@@ -1,7 +1,5 @@
#!/bin/bash
-echo "Preparing root image"
-
DIR=$(dirname `readlink -f $0`)
. $DIR/../testing.conf
. $DIR/function.sh
@@ -26,8 +24,20 @@ load_qemu_nbd
mkdir -p $LOOPDIR
mkdir -p $IMGDIR
-log_action "Connecting root image to NBD device $NBDEV"
-execute "qemu-nbd -c $NBDEV $ROOTIMG"
+case "$2" in
+"")
+ log_action "Connecting root image to NBD device $NBDEV"
+ execute "qemu-nbd -c $NBDEV $ROOTIMG"
+ ;;
+*)
+ echo $STRONGSWANHOSTS | grep -q "\b$2\b" || die "Guest $2 not found"
+ GUESTIMG="$IMGDIR/$2.$IMGEXT"
+ [ -f "$GUESTIMG" ] || die "Guest image $GUESTIMG not found"
+ log_action "Connecting guest image to NBD device $NBDEV"
+ execute "qemu-nbd -c $NBDEV $GUESTIMG"
+ ;;
+esac
+
do_on_exit qemu-nbd -d $NBDEV
partprobe $NBDEV
@@ -74,7 +84,9 @@ cp $RECPDIR/$RECIPE $SHAREDDIR/build-strongswan
log_action "Installing from recipe $RECIPE"
execute_chroot "make SRCDIR=/root/strongswan BUILDDIR=/root/shared/build-strongswan -f /root/shared/build-strongswan/$RECIPE"
-# cleanup before mounting guest images
-on_exit
-
-$DIR/build-guestimages
+# requild the guest images if we modified the root image
+if [ -z "$2" ]; then
+ # cleanup before mounting guest images
+ on_exit
+ $DIR/build-guestimages
+fi
diff --git a/testing/scripts/recipes/011_botan.mk b/testing/scripts/recipes/011_botan.mk
new file mode 100644
index 000000000..ef0f6d066
--- /dev/null
+++ b/testing/scripts/recipes/011_botan.mk
@@ -0,0 +1,30 @@
+#!/usr/bin/make
+
+PKG = botan
+SRC = https://github.com/randombit/$(PKG).git
+# will have to be changed to the 2.8.0 tag later
+REV = 1872f899716854927ecc68022fac318735be8824
+
+NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
+
+# the first two are necessary due to LD, the others to reduce the build time
+CONFIG_OPTS = \
+ --without-os-features=threads \
+ --disable-modules=locking_allocator \
+ --disable-modules=pkcs11,tls,x509,xmss \
+
+all: install
+
+$(PKG):
+ git clone $(SRC) $(PKG)
+
+.$(PKG)-cloned-$(REV): $(PKG)
+ cd $(PKG) && git fetch && git checkout $(REV)
+ @touch $@
+
+.$(PKG)-built-$(REV): .$(PKG)-cloned-$(REV)
+ cd $(PKG) && python ./configure.py $(CONFIG_OPTS) && make -j $(NUM_CPUS)
+ @touch $@
+
+install: .$(PKG)-built-$(REV)
+ cd $(PKG) && make install && ldconfig
diff --git a/testing/scripts/recipes/013_strongswan.mk b/testing/scripts/recipes/013_strongswan.mk
index 52462d077..13a1b23c8 100644
--- a/testing/scripts/recipes/013_strongswan.mk
+++ b/testing/scripts/recipes/013_strongswan.mk
@@ -54,8 +54,6 @@ CONFIG_OPTS = \
--enable-imv-os \
--enable-imc-attestation \
--enable-imv-attestation \
- --enable-imc-swid \
- --enable-imv-swid \
--enable-imc-swima \
--enable-imv-swima \
--enable-imc-hcd \
@@ -64,6 +62,7 @@ CONFIG_OPTS = \
--enable-sqlite \
--enable-attr-sql \
--enable-mediation \
+ --enable-botan \
--enable-openssl \
--enable-blowfish \
--enable-kernel-pfkey \
diff --git a/testing/testing.conf b/testing/testing.conf
index 0da9aedad..78c8dcabc 100644
--- a/testing/testing.conf
+++ b/testing/testing.conf
@@ -24,14 +24,14 @@ fi
: ${TESTDIR=/srv/strongswan-testing}
# Kernel configuration
-: ${KERNELVERSION=4.15.18}
+: ${KERNELVERSION=4.18.9}
: ${KERNEL=linux-$KERNELVERSION}
: ${KERNELTARBALL=$KERNEL.tar.xz}
-: ${KERNELCONFIG=$DIR/../config/kernel/config-4.15}
-: ${KERNELPATCH=ha-4.15.6-abicompat.patch.bz2}
+: ${KERNELCONFIG=$DIR/../config/kernel/config-4.18}
+: ${KERNELPATCH=ha-4.16-abicompat.patch.bz2}
# strongSwan version used in tests
-: ${SWANVERSION=5.6.3}
+: ${SWANVERSION=5.7.0}
# Build directory where the guest kernel and images will be built
: ${BUILDDIR=$TESTDIR/build}
diff --git a/testing/tests/botan/rw-cert/description.txt b/testing/tests/botan/rw-cert/description.txt
new file mode 100755
index 000000000..2d9d550fc
--- /dev/null
+++ b/testing/tests/botan/rw-cert/description.txt
@@ -0,0 +1,10 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b>
+plugin based on the <b>Botan</b> library for all cryptographical functions whereas
+roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange
+on <b>x25519</b>.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/botan/rw-cert/evaltest.dat b/testing/tests/botan/rw-cert/evaltest.dat
new file mode 100755
index 000000000..8a8a95f7e
--- /dev/null
+++ b/testing/tests/botan/rw-cert/evaltest.dat
@@ -0,0 +1,10 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..e5c6d88b3
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = botan pem x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..c9ffac848
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
diff --git a/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..f2ab7d3e8
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes curve25519 hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..7fcdea834
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..6a33d582b
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,15 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem botan x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+ integrity_test = yes
+ crypto_test {
+ on_add = yes
+ }
+}
diff --git a/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4ba02ad6c
--- /dev/null
+++ b/testing/tests/botan/rw-cert/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/botan/rw-cert/posttest.dat b/testing/tests/botan/rw-cert/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/botan/rw-cert/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/botan/rw-cert/pretest.dat b/testing/tests/botan/rw-cert/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/botan/rw-cert/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf b/testing/tests/botan/rw-cert/test.conf
index 08ea543e2..1227b9d1c 100644..100755
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/test.conf
+++ b/testing/tests/botan/rw-cert/test.conf
@@ -18,11 +18,7 @@ TCPDUMPHOSTS="moon"
# Guest instances on which IPsec is started
# Used for IPsec logging purposes
#
-IPSECHOSTS="carol moon dave alice"
-
-# Guest instances on which databases are used
-#
-DBHOSTS="alice"
+IPSECHOSTS="moon carol dave"
# charon controlled by swanctl
#
diff --git a/testing/tests/botan/rw-ecp256/description.txt b/testing/tests/botan/rw-ecp256/description.txt
new file mode 100755
index 000000000..f6d0f149c
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/description.txt
@@ -0,0 +1,9 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b>
+plugin based on the <b>Botan</b> library for all cryptographical functions whereas
+roadwarrior <b>dave</b> uses the <b>openssl</b> plugin. The authentication is based
+on <b>X.509 certificates</b> and the key exchange on <b>ecp256</b>.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/botan/rw-ecp256/evaltest.dat b/testing/tests/botan/rw-ecp256/evaltest.dat
new file mode 100755
index 000000000..dc67b2d20
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/evaltest.dat
@@ -0,0 +1,10 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..e5c6d88b3
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = botan pem x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..a50497eed
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-ecp256
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
diff --git a/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..3ee76327c
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = nonce openssl pem revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..66c6cd1c9
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-ecp256
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..29b16f107
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem botan x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..240cccf44
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-ecp256
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-ecp256
+ }
+}
diff --git a/testing/tests/botan/rw-ecp256/posttest.dat b/testing/tests/botan/rw-ecp256/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/botan/rw-ecp256/pretest.dat b/testing/tests/botan/rw-ecp256/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/botan/rw-ecp256/test.conf b/testing/tests/botan/rw-ecp256/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/botan/rw-ecp256/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/botan/rw-modp3072/description.txt b/testing/tests/botan/rw-modp3072/description.txt
new file mode 100755
index 000000000..3c1c0dc84
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/description.txt
@@ -0,0 +1,10 @@
+The roadwarrior <b>carol</b> and the gateway <b>moon</b> use the <b>botan</b>
+plugin based on the <b>Botan</b> library for all cryptographical functions whereas
+roadwarrior <b>dave</b> uses the default <b>strongSwan</b> cryptographical
+plugins. The authentication is based on <b>X.509 certificates</b> and the key exchange
+on <b>modp3072</b>.
+<p/>
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/botan/rw-modp3072/evaltest.dat b/testing/tests/botan/rw-modp3072/evaltest.dat
new file mode 100755
index 000000000..51bf8c1ba
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/evaltest.dat
@@ -0,0 +1,10 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=MODP_3072.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..e5c6d88b3
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = botan pem x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8485bc3fb
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,35 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+}
diff --git a/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..b682bc054
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac mgf1 pem pkcs1 x509 revocation constraints pubkey gmp curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..27c6f12ba
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf b/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..29b16f107
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,11 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem botan x509 revocation constraints pubkey
+}
+
+charon-systemd {
+ load = nonce test-vectors botan pem x509 revocation constraints pubkey curl kernel-netlink socket-default updown vici
+
+ rsa_pss = yes
+}
diff --git a/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..75c21c663
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,25 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-modp3072
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-modp3072
+ }
+}
diff --git a/testing/tests/botan/rw-modp3072/posttest.dat b/testing/tests/botan/rw-modp3072/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/botan/rw-modp3072/pretest.dat b/testing/tests/botan/rw-modp3072/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/botan/rw-modp3072/test.conf b/testing/tests/botan/rw-modp3072/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/botan/rw-modp3072/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
index 7180fee05..45e76c155 100644
--- a/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
+++ b/testing/tests/ikev1/net2net-fragmentation/evaltest.dat
@@ -1,11 +1,11 @@
moon::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES
sun::cat /var/log/daemon.log::received FRAGMENTATION vendor ID::YES
-moon::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-sun::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+moon::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+sun::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
moon::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
-moon::cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+moon::cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES
sun::cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
-sun::cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+sun::cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES
moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
index 792fc56bc..2d9a466b0 100644
--- a/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-dynamic/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
-P OUTPUT DROP
-P FORWARD DROP
-# allow bootps (in relay mode also in OUTPUT)
--A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
+# allow bootpc and bootps
+-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
-A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
# allow broadcasts from eth1
diff --git a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
index 792fc56bc..2d9a466b0 100644
--- a/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-static-client-id/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
-P OUTPUT DROP
-P FORWARD DROP
-# allow bootps (in relay mode also in OUTPUT)
--A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
+# allow bootpc and bootps
+-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
-A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
# allow broadcasts from eth1
diff --git a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
index 792fc56bc..2d9a466b0 100644
--- a/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
+++ b/testing/tests/ikev2/dhcp-static-mac/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
-P OUTPUT DROP
-P FORWARD DROP
-# allow bootps (in relay mode also in OUTPUT)
--A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
+# allow bootpc and bootps
+-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
-A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
# allow broadcasts from eth1
diff --git a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
index 4abcde1e8..49271bd8c 100644
--- a/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca-ldap/evaltest.dat
@@ -10,7 +10,7 @@ carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA bui
carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*carol@strongswan.org::NO
moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*unacceptable::YES
moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*moon.strongswan.org.*dave@strongswan.org::YES
diff --git a/testing/tests/ikev2/multi-level-ca/evaltest.dat b/testing/tests/ikev2/multi-level-ca/evaltest.dat
index e1c5be4ed..10da97f98 100644
--- a/testing/tests/ikev2/multi-level-ca/evaltest.dat
+++ b/testing/tests/ikev2/multi-level-ca/evaltest.dat
@@ -10,7 +10,7 @@ carol::cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA bui
carol::ipsec status 2> /dev/null::venus.*INSTALLED::NO
moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*carol@strongswan.org::NO
moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon:: cat /var/log/daemon.log::selected peer config.*alice.*inacceptable::YES
+moon:: cat /var/log/daemon.log::selected peer config.*alice.*unacceptable::YES
moon:: cat /var/log/daemon.log::switching to peer config.*venus::YES
dave:: ipsec status 2> /dev/null::venus.*INSTALLED, TUNNEL::YES
moon:: ipsec status 2> /dev/null::venus.*ESTABLISHED.*dave@strongswan.org::YES
diff --git a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
index c6a8ff5d7..b8e2eff41 100644
--- a/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
+++ b/testing/tests/ikev2/net2net-fragmentation/evaltest.dat
@@ -1,11 +1,11 @@
moon::cat /var/log/daemon.log::IKE_SA_INIT request 0.*FRAG_SUP::YES
sun::cat /var/log/daemon.log::IKE_SA_INIT response 0.*FRAG_SUP::YES
-moon::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-sun::cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+moon::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+sun::cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
moon::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-moon::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon::cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
sun::cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-sun::cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+sun::cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
moon::ipsec status 2> /dev/null::net-net.*ESTABLISHED.*moon.strongswan.org.*sun.strongswan.org::YES
sun:: ipsec status 2> /dev/null::net-net.*ESTABLISHED.*sun.strongswan.org.*moon.strongswan.org::YES
moon::ipsec status 2> /dev/null::net-net.*INSTALLED, TUNNEL::YES
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index a85635faf..646f6e8e3 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 0a0b83889..c277ba4f6 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,8 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,0F93D8FBCA4CAA40
+DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C
-jyvWqe7yjLux30mLeMsjlEjWu1A7u4xdRUg/R+JzsUxnFDpJKOEd5LgXSExrgVwD
-RMlH6vVkZPboxmveOH8lXDVUyscYLLLTianw9R+Vj3zm6x7kT1CaNryLKfQSCVE8
-QGsF+LrF7/uIS+4RePGQyGv4C3pbBCB168+e362WnjQ=
+CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH
+7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB
+71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index e97709a3f..35b3df49a 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
-DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
-3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
-7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
-MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
-cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
-d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
-iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
-ZEmeb0/mRB56osgppA==
+IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5
+7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ
+rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq
+duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2
+d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP
+GnRyvRuhwRkbBIGt6l1mbA==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 574c86a2e..40a76935e 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,6 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
-hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
-nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
-Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
+MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n
+2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco
+AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B
+Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index 25f0538a7..a4962286e 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,17 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
-ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
-Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
-tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
-BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
-Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
-BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
-vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
-9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
-2A==
+b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI
+zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr
+dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx
+JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu
+M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl
+8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB
+7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G
+A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
+aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq
+hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT
+tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8
+ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN
+Vjo6NkA=
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
index a1ba4c9b9..24f07b5d7 100644
--- a/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev1/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,7 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
-+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
-OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
-Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
-lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
+MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B
+qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb
+Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ
+7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd
+lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA==
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index a85635faf..646f6e8e3 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
index d2f97f858..c277ba4f6 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,8 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F
+DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C
-eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde
-v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK
-NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U=
+CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH
+7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB
+71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index e97709a3f..35b3df49a 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
-DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
-3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
-7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
-MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
-cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
-d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
-iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
-ZEmeb0/mRB56osgppA==
+IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5
+7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ
+rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq
+duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2
+d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP
+GnRyvRuhwRkbBIGt6l1mbA==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 574c86a2e..40a76935e 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,6 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
-hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
-nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
-Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
+MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n
+2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco
+AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B
+Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index 25f0538a7..a4962286e 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,17 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
-ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
-Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
-tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
-BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
-Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
-BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
-vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
-9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
-2A==
+b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI
+zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr
+dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx
+JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu
+M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl
+8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB
+7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G
+A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
+aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq
+hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT
+tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8
+ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN
+Vjo6NkA=
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
index a1ba4c9b9..24f07b5d7 100644
--- a/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-certs/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,7 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
-+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
-OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
-Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
-lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
+MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B
+qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb
+Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ
+7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd
+lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA==
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index a85635faf..646f6e8e3 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 681c1ee67..d043dfd6d 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,6 +1,7 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIGwMBsGCSqGSIb3DQEFAzAOBAhvrv2j+DAo4AICCAAEgZAkhslW1CuYRZ7SKigR
-p/5suJU4xR6scHyS1yVYtrTC99Ha287MuS1/KUf0DZasx89AxoYcOgr+YvuIrUYw
-/f8cNmkcw3E2EvGwy7VVtqf12M+j4B2eUSNjaQvw4sQvxFPlbETocWYaLOOZrgr1
-/+b5n4o4VZ/MYDyfxmgNNluXaVGz9xP5pTvHI7ocDJzh5d4=
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiROOtxlAFj6QICCAAw
+HQYJYIZIAWUDBAECBBBD9qsqx1EbF8RiH8mOSf9iBIGQ3URjA/8q9stwEZNsEtS5
+/EzlxReZu+hSmH4+PlOXegP8bSpVtSC+wgTierfXNKDOV4Bs+OY3F/l0D0NYYiaj
+u041/vF1NuO38Fu5rwMZJcCZhlLXVuQVBqyQ5I+52RxTjoEluIQ5MvJOcMap/mc+
+saMMOFLlCeiseIuAWOjcpFzoOWUgXRcABCXJItj+6RgK
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index e97709a3f..35b3df49a 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
-DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
-3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
-7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
-MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
-cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
-d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
-iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
-ZEmeb0/mRB56osgppA==
+IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5
+7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ
+rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq
+duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2
+d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP
+GnRyvRuhwRkbBIGt6l1mbA==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 6dca1f239..c32137ef9 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,8 +1,8 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9Dxjbv7bnuoCAggA
-MBQGCCqGSIb3DQMHBAjONh5rePJ/owSBwG8qgvCeUae7yZQRM1iEa90zq1yrS71z
-l5dEFzeFnYcu25qVK6IkYRHUFZIDGep+2Ep33+IrCYadV69AjCdM3Lnl+cjp+vVn
-o1ZvXoNKMor0AHyuTbHI/xdOrd2ZFjkWITnXX2qHTKViFFBoMGo7Jb9XI2eAT4hF
-0Z2EaAzl383eBQ/Wb/Jr0c+cwi5lvRLW5OKp48mQ5++8wJlaw+7W1MxPVhggG6U3
-lVzl9N+aLEFOSr0b8EMTDywJNBJZcNOQZw==
+MIIBDjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIfDUTNLH0pIECAggA
+MB0GCWCGSAFlAwQBFgQQJkz6Ue4pqL1cy6jxNoXBMQSBwMn8dxyRJjcjbPvy6v7r
+Zdn7Nb69xYhkH2n+8DY8vfutsh9g84HbzzBLhpl1MJZXq8xwxS1AQUYNJqoIrd9s
+4j8IkGZX935I2FBABzN4JEdY2h1zX3VJxU0XgDLEPYYJUUY0PTQ+5P1ooYyDg73t
+lAUw2eKPl9sgdX2f+5gTLVJZMFkWJsCFkCHFRdLaFdsaXcoB8TI0UWYSK1yJD+6K
+XbCMqK/jV/jckXtwCMIG8/DSxnObFu2PEUGjzMSAVUvCWQ==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index 25f0538a7..a4962286e 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,17 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
-ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
-Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
-tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
-BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
-Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
-BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
-vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
-9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
-2A==
+b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI
+zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr
+dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx
+JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu
+M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl
+8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB
+7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G
+A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
+aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq
+hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT
+tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8
+ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN
+Vjo6NkA=
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
index 04db7f7e0..24f07b5d7 100644
--- a/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev2/ecdsa-pkcs8/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,8 +1,7 @@
------BEGIN PRIVATE KEY-----
-MIHuAgEAMBAGByqGSM49AgEGBSuBBAAjBIHWMIHTAgEBBEIB2FqpGVb6Q8oGdL/b
-oMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6y
-MDfqZhuhgYkDgYYABABlnLakOG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4v
-TemT194qTZVQIugGEuzF1mQgYk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2
-X45I1D2iihIZsNH8treYFIT2lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUg
-Ng==
------END PRIVATE KEY-----
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B
+qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb
+Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ
+7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd
+lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA==
+-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
index a24c7a053..5b525ef06 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/evaltest.dat
@@ -3,7 +3,7 @@ moon:: ipsec status 2> /dev/null::rw-eap.*ESTABLISHED::YES
carol::cat /var/log/daemon.log::server requested EAP_TLS authentication::YES
carol::cat /var/log/daemon.log::negotiated TLS 1.2 using suite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256::YES
carol::cat /var/log/daemon.log::allow mutual EAP-only authentication::YES
-carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org' with EAP successful::YES
moon:: cat /var/log/daemon.log::authentication of 'C=CH, O=Linux strongSwan, OU=ECDSA 256 bit, CN=carol@strongswan.org' with EAP successful::YES
carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
index ee8cbcdef..f3d7a807c 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.conf
@@ -15,7 +15,7 @@ conn home
leftauth=eap
leftfirewall=yes
right=PH_IP_MOON
- rightid="C=CH, O=Linux strongSwan, OU=ECSA 521 bit, CN=moon.strongswan.org"
+ rightid="C=CH, O=Linux strongSwan, OU=ECDSA 521 bit, CN=moon.strongswan.org"
rightauth=any
rightsubnet=10.1.0.0/16
rightsendcert=never
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index a85635faf..646f6e8e3 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem
index d2f97f858..c277ba4f6 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,8 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,0C53E74E6B5AC2D7475EFF30478B9D5F
+DEK-Info: AES-128-CBC,E62D0EE78FCCAD3B03EA4F93FEFD057C
-eHLtgaAjHt0sWRnBnRAt8CEPjak58pCwVbH+7Vfz2dy//GRvZviPA/TEQDtznPde
-v5yIDGUe6vvtoY4oXemGi5SQiP8KAuaKylMQEjm2FHYwT/SgIwk5EZZjI4CcFBnK
-NWV3z5oPiW6hZebwUHWaioSAYK1awOtFcp0l4UGA31U=
+CppPKxfVWWaXK3iuFa27YOe/0lWsvzhYKShyq9XanpjuCkcmxKD97eAH1TKokasH
+7ffgnKzbLloxJN6g0GMTPpfiRndeK36DyTwktkyt+h+LU1xooSmNnsaM41P0GaPB
+71Y87B5E5DCmWQO0icQKbQPj66GNwxBh9S6a8OaxnkU=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index 25f0538a7..a4962286e 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,17 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIICnTCCAf+gAwIBAgIBDTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDMTCCApOgAwIBAgIBDjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODEwMDIxNloXDTE4MDYwMjEwMDIxNlowXTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFTATBgNVBAsTDEVDU0Eg
-NTIxIGJpdDEcMBoGA1UEAxMTbW9vbi5zdHJvbmdzd2FuLm9yZzCBmzAQBgcqhkjO
-PQIBBgUrgQQAIwOBhgAEAGWctqQ4b4fNSACnlcg5A3nxHU5X5qir+Ep8QziYNokU
-ri9N6ZPX3ipNlVAi6AYS7MXWZCBiT2g0yGFfwSxPha/rATR3m7acgyGQt0BE2UJ0
-Z7ZfjkjUPaKKEhmw0fy2t5gUhPaXMBXnu5hGjUz4gaaApsaJtr5eEwdQ0II9DG71
-tSA2o4GBMH8wHwYDVR0jBBgwFoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0R
-BBcwFYITbW9vbi5zdHJvbmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRw
-Oi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49
-BAMEA4GLADCBhwJBAjPn1KkfPOlfn51b6AtISSpccCsKJ6LhJiSLuQp0SzMrg3mv
-vSIkNpVrUigW0VVMwcanW3UuYKSxMBl3Z30+RpYCQgGh8v1XO4SO3DmVLD9+JLil
-9Dp0TNkzNLdOqeuIX6ili5yhnLU8chwSlpJ9d81FdAjHP9EDPO+7fTswC2vYL+Rm
-2A==
+b290IENBMB4XDTE4MDYxMzEyMDQ0M1oXDTIzMDYxMTEyMDQ0M1owXjELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
+IDUyMSBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwgZswEAYHKoZI
+zj0CAQYFK4EEACMDgYYABADF8xmbPu/a05BVtNnZflimozXZgYi+Md7hKREzL7qr
+dvtRwbyvki3XNo7zzc1HF/FcYyLJ7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcx
+JTF74PtzYGKaMWCP+YN52u3tGaOdlvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPu
+M2HRBKOCARMwggEPMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBRl
+8cuEZmUGoBIWQeXSYzWq/7ou4jB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB
+7o/Y0qFMpEowSDELMAkGA1UEBhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3
+YW4xHjAcBgNVBAMTFXN0cm9uZ1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB4G
+A1UdEQQXMBWCE21vb24uc3Ryb25nc3dhbi5vcmcwPAYDVR0fBDUwMzAxoC+gLYYr
+aHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2FuX2VjLmNybDAKBggq
+hkjOPQQDAgOBiwAwgYcCQgDtARCWbIy+tdsD9EYw/oTxfrnsWP0fw1/3UKXjSAlT
+tZfJfE743Y7Zl2vqmRIeohQBYY09reTOFnUfYx/jONsTUQJBSB7w+z/CcTCQGIV8
+ISaaeAskxcg/+h87ha+5ZOkHoJDeJTqaatHu3dVx8OepEiQS0TSB9FNxj9g/9bYN
+Vjo6NkA=
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem
index a1ba4c9b9..24f07b5d7 100644
--- a/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev2/rw-eap-tls-only/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,7 +1,7 @@
-----BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIB2FqpGVb6Q8oGdL/boMxg+9G1lKAFqWXVm1jhjmrTyyc6lFJ5Hcix
-+G8ZaNPJ7fLC3NU4uxW3Y9wo1K6yMDfqZhugBwYFK4EEACOhgYkDgYYABABlnLak
-OG+HzUgAp5XIOQN58R1OV+aoq/hKfEM4mDaJFK4vTemT194qTZVQIugGEuzF1mQg
-Yk9oNMhhX8EsT4Wv6wE0d5u2nIMhkLdARNlCdGe2X45I1D2iihIZsNH8treYFIT2
-lzAV57uYRo1M+IGmgKbGiba+XhMHUNCCPQxu9bUgNg==
+MIHcAgEBBEIAtiNgtSnZ9gKIXkKvb8f1J+ubRkBssvOaHYjv7RMvVOqw5kQGb11B
+qXHVf2Qt25/1DccijDu27YQJQLVTY0k5elSgBwYFK4EEACOhgYkDgYYABADF8xmb
+Pu/a05BVtNnZflimozXZgYi+Md7hKREzL7qrdvtRwbyvki3XNo7zzc1HF/FcYyLJ
+7U1j71G6QVSN7mRHBgAspFYE1LpjBlrObWcxJTF74PtzYGKaMWCP+YN52u3tGaOd
+lvrDiJVi8i/GAuGjIG2tYQVJZQzqUgHHSWPuM2HRBA==
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index a85635faf..646f6e8e3 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXzCCAcCgAwIBAgIBCTAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC8TCCAlKgAwIBAgIBEDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjczOFoXDTE4MDYwMjA3MjczOFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTEyMVoXDTIzMDYxMTEyMTEyMVowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAEwYQaBELkyAVAzNzWJr9LqoK8gdKDv+Ns6D+ZQSAj
-BuX3bs5ZIn7BrRxYd+mbnpZ2in7FjXPWkcLkIK/cgay2n6OBgzCBgDAfBgNVHSME
-GDAWgBS6XflxthO1atHduja3qtLB7o/Y0jAfBgNVHREEGDAWgRRjYXJvbEBzdHJv
-bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
-YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAIU5
-nZLSfuiHElf7SFHl/sXCTSQ5FhEjSdhpMUvsgwq0vnEJRRdsdEOmmtVT5yQFHDUR
-Z9YVl4/zP5EFyUepvCH5AkIB2WFJ5WZ3Ds76Tq9AxAPaFbsQapGgOmrRZ6lGkj49
-hzLfARkvr+fTbOrttOC4yTIfnYVygA2G1cQYzceY/JiSk00=
+IDI1NiBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMFkwEwYHKoZI
+zj0CAQYIKoZIzj0DAQcDQgAE3WHJOZfpI6KZX6zlKRtCvY0VwHW/K8SWjDCuoq+C
+Vb7NnQ0Lpfb22Cihwjf0/ne78AcYGapZdt8/tdxlpQm+9qOCARQwggEQMAkGA1Ud
+EwQCMAAwCwYDVR0PBAQDAgOoMB0GA1UdDgQWBBSpGHTyNt5Tfshldm2Oz0MlnHZ+
+aTB4BgNVHSMEcTBvgBS6XflxthO1atHduja3qtLB7o/Y0qFMpEowSDELMAkGA1UE
+BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9u
+Z1N3YW4gRUMgUm9vdCBDQYIJAPaidX4i76aJMB8GA1UdEQQYMBaBFGNhcm9sQHN0
+cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25n
+c3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIA
+7r9urYVPXwOUBU120HDb/0Z+ezMm8vFtGsrJPME9JdW7bdkb1IpWpSobn3Ua94Gm
+q7PtKPYbOoF6m4aAIhouWkwCQgChGMvdnRhLQiItMGybWY5mLOYemM9U3CjNLRSE
+gDIPWr67i05MwdofcT2hYPSFHAyeI7OfJikHrAfDcTok6kPA3A==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 522a29607..c8c12c3b7 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,6 +1,7 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIGxMBwGCiqGSIb3DQEMAQMwDgQIMZeZ6WcLRQICAggABIGQVdFY4uNX+wTljx5B
-maey2lQKGzR1uWujrlgrnV5XUllz5riVLBQ62guQv2TWkQmwaiT503Fki+Hc+VfJ
-9CYAg9UjPuT/2H0e5wq0ZnWNJkpWY2LRpMeCkS4Tdww8PBINAoDraeLxtYLm2xsX
-mQ7raVahMTmSIO0YTkT7DJmevJAh2zYP7B613tY0PSKxcIdI
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAgyh91hjqzCuAICCAAw
+HQYJYIZIAWUDBAECBBBZwepsRENncvW5UJ/blAqmBIGQZdbHnD3PWEbUXZJPkbIK
+VvJZkd2+k12IxdShMWwCeW93R+3nj+7T0NPAQqMbuqz51zgO+SuXDupUIKdLHKMy
+vdasLrbA3fe7YFVlxQjB6fB69V059ifi61OCIO/KfC7Je4ff3TZVwJcUYpduPIkQ
+BZAw46T0JtrXltFgxxGYnnTlzuYW6EDB3l6Fwb2zCyZm
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index c83be145d..0f6315794 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBCzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC7TCCAlCgAwIBAgIBEjAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzMyOFoXDTE4MDYwMjA3MzMyOFowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMzUyNFoXDTIzMDYxMTEyMzUyNFowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDI1NiBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAAQ0aUuue3BcBvF6aEISID4c+mVBJyvSm2fPVRRkAQqh
-RktTHMYDWY6B8e/iGr4GDeF5bjr46vMB5eEtVx3chWbQo4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCAd5ols9c
-CP6HPtfMXbPlSpUDKSRyB3c5Ix2Yn3z5ogMM1QSoS88FW8D7KKsb0qTY5TnlAls3
-45PmauVwEbI2cV6qAkIBphvsmhYWMnt/QMOij7DinihEL9Ib1vxOS2boUos6sHWi
-gj3wfHyfgHM3Pgt0YYoZxELDIxcLVJeoa1TmNey7IaI=
+IDI1NiBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
+PQIBBggqhkjOPQMBBwNCAATRc+i666sxHVohZ/4ld8ffz2xoa+x9+7TzM689nczQ
+oZMs3+AJIjjNzdjvEe6kPHW73p51IdtlVF97Ib62hgQuo4IBEzCCAQ8wCQYDVR0T
+BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFDA3QkktCD5ZvWeiepNeQPWpcKP8
+MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYETZGF2ZUBzdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GKADCBhgJBOrfM
+xT0Cn1uXVvuS977ANQZwzAX4O9y5POFXBkDKLFPL9hgWg7jxhREkDRcvViovMmiM
+EAjoEZLD8SysfYrRZxcCQXtgWTfS2GAIDSQS1of1so/8Z/xZdfoIWxRoZ/xmH7jY
+Yt3wK6yGjziEbX9LGN4MkOwkJKjEkTwbTygv7Wt3arz/
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 17e94022e..a4041c5fa 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEICwxFtCsSqIAzwZDyxHclTRdz/tGzAY7fP/vPoxqr8vuoAoGCCqGSM49
-AwEHoUQDQgAENGlLrntwXAbxemhCEiA+HPplQScr0ptnz1UUZAEKoUZLUxzGA1mO
-gfHv4hq+Bg3heW46+OrzAeXhLVcd3IVm0A==
+MHcCAQEEICEAikut4YuFnv6vLE/7Lk+LmQ+ic35apftbhu2+TICQoAoGCCqGSM49
+AwEHoUQDQgAE0XPouuurMR1aIWf+JXfH389saGvsffu08zOvPZ3M0KGTLN/gCSI4
+zc3Y7xHupDx1u96edSHbZVRfeyG+toYELg==
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index a3b043e82..961c8bec8 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,15 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICXDCCAb2gAwIBAgIBBzAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIC7jCCAlCgAwIBAgIBEzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MTc0M1oXDTE4MDYwMjA3MTc0M1owXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzE0MzEzMVoXDTIzMDYxMTE0MzEzMVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
IDI1NiBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwWTATBgcqhkjO
-PQIBBggqhkjOPQMBBwNCAATf97+pfDnyPIA9gf6bYTZiIjNBAbCjCIqxxWou/oMq
-/9V1O20vyI/dg2g3yzTdzESUa+X81fop+i2n9ymBqI1No4GBMH8wHwYDVR0jBBgw
-FoAUul35cbYTtWrR3bo2t6rSwe6P2NIwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
-d2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
-b3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMEA4GMADCBiAJCALNndw3C
-DDWCb0f+6P6hxkqiYmUpv39XrioZrLbw+MjMD2WAchbj60KibBep1cVwIq3kWIJ6
-Jj0tYXG+f6yjmImqAkIBGOGRm+MQZxPFdYZoJZq5QXwIN0w2hJxmLIxBASW4PLdl
-RLIlvW/XTJObdb0VVYmClg0HTSvuuYOJrzwdyd8D1w0=
+PQIBBggqhkjOPQMBBwNCAATCqc/Wov++N8wvG3IhsEAxa38bxoIBPQZeOqMyi/lV
+breEsOSJD/POV3gkt1lKOaQ502XdJcjdAvCqjtbpzCMWo4IBEzCCAQ8wCQYDVR0T
+BAIwADALBgNVHQ8EBAMCA6gwHQYDVR0OBBYEFAtkayAwMYDQqnlKDRvm7HNCIxY8
+MHgGA1UdIwRxMG+AFLpd+XG2E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQG
+EwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25n
+U3dhbiBFQyBSb290IENBggkA9qJ1fiLvpokwHgYDVR0RBBcwFYITbW9vbi5zdHJv
+bmdzd2FuLm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLnN0cm9uZ3N3
+YW4ub3JnL3N0cm9uZ3N3YW5fZWMuY3JsMAoGCCqGSM49BAMCA4GLADCBhwJBVnfl
+l9eV6R+jNdUCuz+yDdM7c1UpQ+Qy7rtXq50KZY7d1xJsTk152LxXIkO8EJnHmO4l
+s39RHlGXItWcYGffXIICQgCLB+R8QFnMcKlgpjrxsuO/Ljg1RcMav3y3zaHJJJLT
+eJBEL7RhDaPGcJ/hKU4TPwvSEIkswQaDnN+oAZiz/gFDUw==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem
index 5bd2778a9..c0a8c852b 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-128/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIHWBnv6tDi/CTTWOQi/0XME7r8Wd5GRPaXx3wNTElpSvoAoGCCqGSM49
-AwEHoUQDQgAE3/e/qXw58jyAPYH+m2E2YiIzQQGwowiKscVqLv6DKv/VdTttL8iP
-3YNoN8s03cxElGvl/NX6Kfotp/cpgaiNTQ==
+MHcCAQEEIG7fewqQ4RTIWsck4m9ftByXOl4X0va0RtYqdbiF9CAHoAoGCCqGSM49
+AwEHoUQDQgAEwqnP1qL/vjfMLxtyIbBAMWt/G8aCAT0GXjqjMov5VW63hLDkiQ/z
+zld4JLdZSjmkOdNl3SXI3QLwqo7W6cwjFg==
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem
index f43957143..f3f4c6671 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/certs/carolCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICfDCCAd2gAwIBAgIBCjAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDDjCCAm+gAwIBAgIBETAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzE1NFoXDTE4MDYwMjA3MzE1NFowXzELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMzQzMloXDTIzMDYxMTEyMzQzMlowXzELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDM4NCBiaXQxHTAbBgNVBAMUFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
-zj0CAQYFK4EEACIDYgAERiDlh/bOFDq6bSRdDq2ivOcNcxWSGlO5dy5yBRvAhTWl
-NJcy93jxhDIzF5mxPpmgNXpdmSBRKbm3ydkw8LbWI+5/lje06Yl6nOLBO6Zb7GqH
-XFO+BqJrUxzbdHXwxWqto4GDMIGAMB8GA1UdIwQYMBaAFLpd+XG2E7Vq0d26Nreq
-0sHuj9jSMB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
-MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
-Yy5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIA8mbKzo+mp8umjvpoQUo5pIvR1CQQ
-lvBGCUWv7mtq1CVBXzv7Z+HQqPsrL388RymEErA7BzDMkPKTa5E3ZV5LL38CQgDx
-+v/cIcJdYngOOF0IgVSDzcGgSvOmMlPF/D97eC4Od7XwdYl5p9Sxi4SjmDZZi4r/
-EArN3teDfoc7CZcRxWcDhQ==
+IDM4NCBiaXQxHTAbBgNVBAMMFGNhcm9sQHN0cm9uZ3N3YW4ub3JnMHYwEAYHKoZI
+zj0CAQYFK4EEACIDYgAExm8lmoXGUfLL8xzhhQFmadz7SjPdubASbH9m+t7h30OV
+yo+NPmtve7uqrWzttyWfqR7tFSOLtP5joj8U9E580ilT/2MsjVQJpKOFpYaggPUK
+f+fhRwfQMUunyyAoIRSbo4IBFDCCARAwCQYDVR0TBAIwADALBgNVHQ8EBAMCA6gw
+HQYDVR0OBBYEFCQeIdu6skXTNWUg5w1Eb9HR1dU2MHgGA1UdIwRxMG+AFLpd+XG2
+E7Vq0d26Nreq0sHuj9jSoUykSjBIMQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGlu
+dXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBSb290IENBggkA
+9qJ1fiLvpokwHwYDVR0RBBgwFoEUY2Fyb2xAc3Ryb25nc3dhbi5vcmcwPAYDVR0f
+BDUwMzAxoC+gLYYraHR0cDovL2NybC5zdHJvbmdzd2FuLm9yZy9zdHJvbmdzd2Fu
+X2VjLmNybDAKBggqhkjOPQQDAgOBjAAwgYgCQgGptTrYfjcWM+P66K5W+sq1d4X6
+E0+I2lXRKRiku2vPjpTQZJim4k4pAJNC19R2CCJMBgqab1ROUUsHMMHBNcyR/gJC
+AN6S1J68o3UTQwAyN/zXW4ur8cxsPKV9uZYoz7O6Snz+eTliz/g8NPtfLYUseCii
+VoXhdWwKkiRd8Cjck+RJHVWh
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem
index 52e044d5e..713942d7f 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/carol/etc/ipsec.d/private/carolKey.pem
@@ -1,8 +1,8 @@
-----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIBBTBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIBJ620rnDFmACAggA
-MBQGCCqGSIb3DQMHBAh/kkTRYRcX+wSBwIWR0utZGuNjA73xHtLlpgEG+Bt3WfVk
-f/C5nSAIov9F3x1BdJ6il25cdcZBsq8/I15kWU9M5CyAnoHFNLcyAHcRK6NONqlr
-lFCrU0P5OBDbo6YbCVQKAufCCH1WIGdJvMKL5gaV4mytTrc0g8aYr+66lMKlMJb8
-43pzNGdEwLFfyrpKIFjysCIj30btCVzJWFDeBptmF9Vw0ST+x7x6FWjh2SRgnU10
-/0cs85hh6etFtXlUhzSw7P3abL/8zmWIHw==
+MIIBDjBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQI1OV1cAp5SZcCAggA
+MB0GCWCGSAFlAwQBFgQQ1SGtVnno2vKhkF+iPT6vygSBwFZQrciZs2FN8cDI0x9c
+3OFxbaRawXnagMlpYq/To268rDFtcKGBN7JxwBaFGJw4NFrU/sOu2NkhLuA/Jbaz
+w75aQ/MjTeOtwy2PS62J/+T1zqCdfpfCJYeYCc2CPd3E21FbsW0Mmfw1b8vZ2YeS
+lsd9jvY/bob4tH68J1ZqErOLaCU0EXPgqlZiLhcDIwfZJDqrZ5xFHk3mcjB6Pc4O
+TWwJN+elQoxd29HSASw9plO2p1DRDpSZPTU67UDXDOWfJA==
-----END ENCRYPTED PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem
index e97709a3f..35b3df49a 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/certs/daveCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICeTCCAdqgAwIBAgIBDDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDDDCCAm2gAwIBAgIBDzAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MzUxOVoXDTE4MDYwMjA3MzUxOVowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzEyMTAzMVoXDTIzMDYxMTEyMTAzMVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
-IDM4NCBiaXQxHDAaBgNVBAMUE2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwpnPP1dWQl4Dpr
-DokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6QqQt/AtuPjCL7r
-3k3F0Nsj/TGSjRmcMr6jgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
-7o/Y0jAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
-MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
-cmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIB/x2+UiGE5T7229M2Ic2BMYLWSBQlZJeT
-d3uniJb3NAkeQAhDgj0TOxVdMz1SkgScLRS2RKYpsxiVsV+tVuijTMQCQgHn1WtY
-iiSY7OWcX9hQEqWDV0TxoNcgInEhsmtMbseCpR0dYXYsm54oC0pqVBeKp0GC7KJr
-ZEmeb0/mRB56osgppA==
+IDM4NCBiaXQxHDAaBgNVBAMME2RhdmVAc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0ocoAfYUe/8KzxU5
+7Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3BQu8lofvwQQxQ
+rWnu3qzwqEfwb0iB2WyjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUDCdvv80iOq2pGsjrnNiQFP2RjnsweAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVgRNkYXZlQHN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYwAMIGIAkIBMxGGwujqlwf+JFNXW/sbxZmynwzq
+duPikzCw0wIq+YhFYJVi2YWDz0Ikfn4WUvoiUIC/uSBAJAw/3E3SHO5I4Y8CQgF2
+d6Ct2ocQwMcz5O00i3BsuOjiHvL3VB3GGG8rfIXAqwUAy4jXQo0bMh2yD+5WwKmP
+GnRyvRuhwRkbBIGt6l1mbA==
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem
index 574c86a2e..40a76935e 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/dave/etc/ipsec.d/private/daveKey.pem
@@ -1,6 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCFbFPkGF4ez8EzHm6pTVCr17Q1+GACxn7m0EE4UVoq7RQBNk4NOxhE
-hJZpquwjgqegBwYFK4EEACKhZANiAATVOQOBWOH7PhHx/mc+y5+uDpW/maSCkGwp
-nPP1dWQl4DprDokGZC8P+pm1j0sBvzbSCuHZCAkaSptYavgv4VVJ/X5u89tnj6Qq
-Qt/AtuPjCL7r3k3F0Nsj/TGSjRmcMr4=
+MIGkAgEBBDBz89+bQmsMHvfaCsI0N1bInZ+oxA9JZHZrAAkHGHaWFUQZFXBMB88n
+2+6S2JvUbcygBwYFK4EEACKhZANiAAQiPVu1BMrRbeXe2c7zSzBl1UeJfNeM0oco
+AfYUe/8KzxU57Gapbm2Gztkm/2V4Zb7PvK3LOKIrUnxNdE0nVvsdIZKSi/BZEm3B
+Qu8lofvwQQxQrWnu3qzwqEfwb0iB2Ww=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
index 3480a434a..a1a86a222 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/cacerts/strongswanCert.pem
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICyDCCAiqgAwIBAgIJAPaidX4i76aJMAkGByqGSM49BAEwSDELMAkGA1UEBhMC
-Q0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xHjAcBgNVBAMTFXN0cm9uZ1N3
-YW4gRUMgUm9vdCBDQTAeFw0wODA2MjIxNDM2MDZaFw0xODA2MjAxNDM2MDZaMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0EwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYA
-BAEUx1NvjNKzbDHaRPMsqIf/6SbUpzBa78N/WIyF6rYj8e5McAqfTfzUfFJZYoQn
-/mbP3VfjOxRuMDjrlfvdgMxwkwFDigWQfHg3CJbS7eQjjO1MrxxIJUtfSTnF29tM
-h6IYMdxaZKloCGCOrpmGCGdxD2/KwoX1SA3BlnjaNt7kSTonkqOBujCBtzAPBgNV
-HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUul35cbYTtWrR3bo2
-t6rSwe6P2NIweAYDVR0jBHEwb4AUul35cbYTtWrR3bo2t6rSwe6P2NKhTKRKMEgx
-CzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQD
-ExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2onV+Iu+miTAJBgcqhkjOPQQBA4GM
-ADCBiAJCAL5pU3X6NYWjOYe0cxrah27UxtUDLUNkFG/Ojl+gOH4QB0CKY0HXNyrq
-cgba73dXF/U0Cg3Ij/9g4Kd9GgYq0GlSAkIAqgqMKqXni8wbeGMJE2Mn2/8aHM3Q
-3flpHSoeNWOe/VzpRviw+VRgA4vbhhKUXBtQSiea77/DXLwOp5w7rkBoEUg=
+MIICUTCCAbKgAwIBAgIJAPaidX4i76aJMAoGCCqGSM49BAMEMEgxCzAJBgNVBAYT
+AkNIMRkwFwYDVQQKExBMaW51eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdT
+d2FuIEVDIFJvb3QgQ0EwHhcNMTMwNjEzMDAwMDAwWhcNMjMwNjEzMDAwMDAwWjBI
+MQswCQYDVQQGEwJDSDEZMBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UE
+AxMVc3Ryb25nU3dhbiBFQyBSb290IENBMIGbMBAGByqGSM49AgEGBSuBBAAjA4GG
+AAQBFMdTb4zSs2wx2kTzLKiH/+km1KcwWu/Df1iMheq2I/HuTHAKn0381HxSWWKE
+J/5mz91X4zsUbjA465X73YDMcJMBQ4oFkHx4NwiW0u3kI4ztTK8cSCVLX0k5xdvb
+TIeiGDHcWmSpaAhgjq6ZhghncQ9vysKF9UgNwZZ42jbe5Ek6J5KjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS6XflxthO1atHd
+uja3qtLB7o/Y0jAKBggqhkjOPQQDBAOBjAAwgYgCQgGC5TVO0Yy05OIO9GwQ1X7E
+J08tyxmzQnCPfXKEEUOD+DDnSCcK0aCrGAIZCTmLR7euOCZ8gkPurJbML5RAjJjd
+YQJCAL9qmPe6hWCEEOiOgCsy50nr5Qwo+FfS05ZItrUGVUQZES9BtmpkhjZlAOrA
+ihgk0RArH39otlUFPSbSE9bicCDy
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem
index 7bf96cdc8..a71ffdca1 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/certs/moonCert.pem
@@ -1,16 +1,19 @@
-----BEGIN CERTIFICATE-----
-MIICdzCCAdqgAwIBAgIBCDAKBggqhkjOPQQDBDBIMQswCQYDVQQGEwJDSDEZMBcG
+MIIDCzCCAm2gAwIBAgIBFDAKBggqhkjOPQQDAjBIMQswCQYDVQQGEwJDSDEZMBcG
A1UEChMQTGludXggc3Ryb25nU3dhbjEeMBwGA1UEAxMVc3Ryb25nU3dhbiBFQyBS
-b290IENBMB4XDTEzMDYyODA3MjA1MFoXDTE4MDYwMjA3MjA1MFowXjELMAkGA1UE
+b290IENBMB4XDTE4MDYxMzE0MzE1MVoXDTIzMDYxMTE0MzE1MVowXjELMAkGA1UE
BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xFjAUBgNVBAsTDUVDRFNB
IDM4NCBiaXQxHDAaBgNVBAMTE21vb24uc3Ryb25nc3dhbi5vcmcwdjAQBgcqhkjO
-PQIBBgUrgQQAIgNiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijEV5Nw1OqU5jlk
-srCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42COUhWXh760M/c
-2SNzsjvsJgGXAsiPwiajgYEwfzAfBgNVHSMEGDAWgBS6XflxthO1atHduja3qtLB
-7o/Y0jAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1MDMw
-MaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9lYy5j
-cmwwCgYIKoZIzj0EAwQDgYoAMIGGAkE35mfDj/fFUXGsetoU9l9Kt3jbIKYugJgE
-2gmv/MW8jwrqoP7y6ATHXJkonA6AvEK+o0ZMrae55lIKPkBh5xk3XQJBfp5Eqg6Y
-efRIXUeLksM56fRjVwJS6es7qb8l1q6+c1wC1A3lEHQvAs+kJxFfFyni2oxA923F
-h2eoaYy9vSqET5Q=
+PQIBBgUrgQQAIgNiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q4+MyOBab2jzM
+AVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSBwyYzL9+Nhnam
+F6qMSaPBnIE2CK2hgqGjggETMIIBDzAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDqDAd
+BgNVHQ4EFgQUT4FEmRbCvjxKsXqruiQgzC50pj0weAYDVR0jBHEwb4AUul35cbYT
+tWrR3bo2t6rSwe6P2NKhTKRKMEgxCzAJBgNVBAYTAkNIMRkwFwYDVQQKExBMaW51
+eCBzdHJvbmdTd2FuMR4wHAYDVQQDExVzdHJvbmdTd2FuIEVDIFJvb3QgQ0GCCQD2
+onV+Iu+miTAeBgNVHREEFzAVghNtb29uLnN0cm9uZ3N3YW4ub3JnMDwGA1UdHwQ1
+MDMwMaAvoC2GK2h0dHA6Ly9jcmwuc3Ryb25nc3dhbi5vcmcvc3Ryb25nc3dhbl9l
+Yy5jcmwwCgYIKoZIzj0EAwIDgYsAMIGHAkIAhHCvrcHfCJbPcNDdyT4x3F3V2wq7
+96TzcVzlLJ+zSxr3Xo3eqOZaxAlnnoI4aQIukZ0RXzSCebDrOL9+k+5uRakCQU9k
+W5MphqYKOys+lQmpKBEnzZlM1QvFfUUiXwoxN8Ilc9c0nSVXKl9m/uPgP7GZjvaE
+J4juvRKmi2nMoxWIJtMt
-----END CERTIFICATE-----
diff --git a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem
index 231aa3bdc..ba7520f6c 100644
--- a/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem
+++ b/testing/tests/openssl-ikev2/rw-suite-b-192/hosts/moon/etc/ipsec.d/private/moonKey.pem
@@ -1,6 +1,6 @@
-----BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDDlpnLnnwL+nIt/+e+cY2PoTtyHPM10qgck9nYj/f3bPd3ZfiraSBhZ
-KttBZfw5xQKgBwYFK4EEACKhZANiAAQh4YOVBbRxtdaM7uJvDrZqt6a1jJo+rijE
-V5Nw1OqU5jlksrCtZwcZXrR67MlqzFNyvkHtbcWRuBjL55xjQE+YavKnltuKu42C
-OUhWXh760M/c2SNzsjvsJgGXAsiPwiY=
+MIGkAgEBBDDuG7KDU5nek/TFvZQIxg89wevYYa1/EDyQHLFanmbK1DTx07Wv9D/b
+BL5sHWEPNMGgBwYFK4EEACKhZANiAAQBXgnLJrtT2zS6BEj4WBRskabmIw8TVo3Q
+4+MyOBab2jzMAVE44VFjo/ihd1YCeTs8KyZY+w8XPnCqm+z+Z9NeU2tN5wLlVYSB
+wyYzL9+NhnamF6qMSaPBnIE2CK2hgqE=
-----END EC PRIVATE KEY-----
diff --git a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
index 792fc56bc..2d9a466b0 100644
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/iptables.rules
@@ -5,8 +5,8 @@
-P OUTPUT DROP
-P FORWARD DROP
-# allow bootps (in relay mode also in OUTPUT)
--A OUTPUT -p udp --sport bootps --dport bootps -j ACCEPT
+# allow bootpc and bootps
+-A OUTPUT -p udp --sport bootpc --dport bootps -j ACCEPT
-A INPUT -p udp --sport bootps --dport bootps -j ACCEPT
# allow broadcasts from eth1
diff --git a/testing/tests/swanctl/frags-ipv4/evaltest.dat b/testing/tests/swanctl/frags-ipv4/evaltest.dat
index 4b0455667..0bae44ad2 100755
--- a/testing/tests/swanctl/frags-ipv4/evaltest.dat
+++ b/testing/tests/swanctl/frags-ipv4/evaltest.dat
@@ -1,12 +1,12 @@
-carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+carol:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+dave:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+moon:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
-carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+carol:: cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES
dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=192.168.0.100 local-port=500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=192.168.0.1 local-port=500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
diff --git a/testing/tests/swanctl/frags-ipv6/evaltest.dat b/testing/tests/swanctl/frags-ipv6/evaltest.dat
index 18814f65e..f7af441a4 100755
--- a/testing/tests/swanctl/frags-ipv6/evaltest.dat
+++ b/testing/tests/swanctl/frags-ipv6/evaltest.dat
@@ -1,12 +1,12 @@
-carol:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-dave:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
-moon:: cat /var/log/daemon.log::splitting IKE message with length of .*bytes into 2 fragments::YES
+carol:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+dave:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
+moon:: cat /var/log/daemon.log::splitting IKE message (.*bytes) into 2 fragments::YES
carol:: cat /var/log/daemon.log::received fragment #1, waiting for complete IKE message::YES
-carol:: cat /var/log/daemon.log::received fragment #2, reassembling fragmented IKE message::YES
+carol:: cat /var/log/daemon.log::received fragment #2, reassembled fragmented IKE message::YES
dave:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+dave:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
moon:: cat /var/log/daemon.log::received fragment #1 of 2, waiting for complete IKE message::YES
-moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembling fragmented IKE message::YES
+moon:: cat /var/log/daemon.log::received fragment #2 of 2, reassembled fragmented IKE message::YES
carol::swanctl --list-sas --raw 2> /dev/null::home.*version=1 state=ESTABLISHED local-host=fec0:\:10 local-port=500 local-id=carol@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:10/128] remote-ts=\[fec1:\:/16]::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=fec0:\:20 local-port=500 local-id=dave@strongswan.org remote-host=fec0:\:1 remote-port=500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec0:\:20/128] remote-ts=\[fec1:\:/16]::YES
moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=1 state=ESTABLISHED local-host=fec0:\:1 local-port=500 local-id=moon.strongswan.org remote-host=fec0:\:10 remote-port=500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=ECP_256.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128.*local-ts=\[fec1:\:/16] remote-ts=\[fec0:\:10/128]::YES
diff --git a/testing/tests/swanctl/multi-level-ca/evaltest.dat b/testing/tests/swanctl/multi-level-ca/evaltest.dat
index 050a35db3..e6ec6b2ff 100644
--- a/testing/tests/swanctl/multi-level-ca/evaltest.dat
+++ b/testing/tests/swanctl/multi-level-ca/evaltest.dat
@@ -11,7 +11,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.
moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO
dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES
+moon:: cat /var/log/daemon.log::selected peer config.*research.*unacceptable::YES
moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO
moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO
diff --git a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
index cdf6bcaf5..aeea94e1f 100755
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/swanctl/swanctl.conf
@@ -11,7 +11,7 @@ connections {
id = moon.strongswan.org
}
children {
- net-moon {
+ net {
local_ts = 10.2.0.0/16
remote_ts = 10.1.0.0/16
@@ -23,27 +23,16 @@ connections {
mobike = no
proposals = aes128-sha256-x25519
}
- gw-sun {
- local {
- auth = pubkey
- certs = carolCert.pem
- id = carol@strongswan.org
- }
+
+ gw-sun : connections.gw-moon {
remote {
- auth = pubkey
id = sun.strongswan.org
}
children {
- net-sun {
+ net {
local_ts = 10.1.0.0/16
remote_ts = 10.2.0.0/16
-
- updown = /usr/local/libexec/ipsec/_updown iptables
- esp_proposals = aes128gcm128-modp3072
}
}
- version = 2
- mobike = no
- proposals = aes128-sha256-modp3072
}
}
diff --git a/testing/tests/swanctl/ocsp-multi-level/evaltest.dat b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat
index 2f3c34622..87ef4319b 100644
--- a/testing/tests/swanctl/ocsp-multi-level/evaltest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/evaltest.dat
@@ -18,7 +18,7 @@ carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.
moon:: swanctl --list-sas --raw 2> /dev/null::sales.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*child-sas.*venus.*state=INSTALLED::NO
dave:: cat /var/log/daemon.log::received TS_UNACCEPTABLE notify, no CHILD_SA built::YES
moon:: cat /var/log/daemon.log::constraint check failed: peer not authenticated by.*Research CA::YES
-moon:: cat /var/log/daemon.log::selected peer config.*research.*inacceptable::YES
+moon:: cat /var/log/daemon.log::selected peer config.*research.*unacceptable::YES
moon:: cat /var/log/daemon.log::switching to peer config.*sales::YES
dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED.*child-sas.*alice.*state=INSTALLED::NO
moon:: swanctl --list-sas --raw 2> /dev/null::research.*version=2 state=ESTABLISHED.*remote-host=192.168.0.100 remote-port=4500 remote-id=dave@strongswan.org.*child-sas.*alice.*state=INSTALLED::NO
diff --git a/testing/tests/swanctl/rw-cert-ppk/description.txt b/testing/tests/swanctl/rw-cert-ppk/description.txt
new file mode 100755
index 000000000..53e103359
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
+and includes a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the
+derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b>
+but since both peers don't enforce the use of a PPK they fall back to regular
+authentication by use of the authentication data provided in the NO_PPK_AUTH
+notify.
+Upon the successful establishment of the IPsec tunnels, the updown script
+automatically inserts iptables-based firewall rules that let pass the tunneled traffic.
+In order to test both tunnel and firewall, both <b>carol</b> and <b>dave</b> ping
+the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-cert-ppk/evaltest.dat b/testing/tests/swanctl/rw-cert-ppk/evaltest.dat
new file mode 100755
index 000000000..4138124a7
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/evaltest.dat
@@ -0,0 +1,15 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES
+moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES
+alice::ping -c 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..b415e075c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem
new file mode 100644
index 000000000..1454ec54c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/rsa/carolKey.pem
@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,7E1D40A7901772BA4D22AF58AA2DC76F
+
+1jt4EsxtHvgpSLN8PA/kSVKgoAsBEBQb8RK6VGnZywMCnpJdLKdPisGGYKNPg53b
+/0AFBmQVE60M8icbSAIUrAtyKxaBkoc9A7ibNCjobi0UzXTm3GcZZ1EC4/lE9PQZ
+/2FbcPgQWN3kZraZDkeP9XBXl6PorES8xvQUxJ9pd4hL7/c28fIApGhEimkIZO8o
+Qb7bR2cNCLYQAR6PeDoqhV39gvWoh77wp1WB3tQVbkS6MI/xl3wY2QVdq3Sbszh+
+f6lDU/SZS8BU0f44FRoInPp0GasgJ7MCiuEIshjuNPa50QkMcnNJsSgVEuw2hjN6
+LvAXx7vPt9pKpQfnu7YSJUsXDYN6PyXt7sZ8hDqraYIcI6eMpEBaTpItPSV2eckv
+06KC24Oa66E1yufNFAY49S2OY+pJA0W5zmcCqCjdrfJ+wNQYKZpbrfGz4VRzlFJC
+e3VkmAFwA5rcZdlp/mU2XREy+TaWsHMnpL0NcMHGmsfkTgaJIkRWalrdxlNTeitr
+3boNHWk0ESyMcBYRpM3eNXsGpiYy93u0bhrPbnqJsV6miKqpbs1aBNjlJ9s1Y2fC
+sko5/v7uMjb5tLF3lWQZfTu+bYtpGxFrqHJjhd8yd4gL1cFi30JcjczhwRY3Dily
+c0BFekMGmPc1djn6tfIFu13X9xTxyidCpVaT9UGnOaQs9OF1u8XAnZDaQgPwjLiy
+UlOE8xQ60LrhWLD582FsFnZz56bZ+QOQRWDMsB8nJeqnFXKfcRlnr0qlG6lTfA8h
+XkK/qGpdVvivS+CpbhVP6ixdEfa91Rx4NjLj53LGqOYwFEkM/OAIuMJetBfx3v9T
+iQfv594KE32nv9besnKlmJr2cGQWBYg1pUOtFj/aZ00yuXacv8qwzbrt4xGGDYGO
+Aj5Yf93UEcVkTySO1xJ1yiC6GJv1lLm0i5StwykHypxFijKe/zOpgtHVa5v5igjO
+v6cfhfJGGgIPTYrtt+EDKXcayvy2e2U/3HYVCHYiiMPX8AvP/R6m7MGrzYxm/WyO
+t68EWXSDLfuR3qcIlpP4aSBxuSpKhY/dIkS/beKZ7Njx1s4jSuYDMbKuuCRFSU2H
+8ISHS0kh3FetiS8IyIYzxab+KQZwnVtiGj4oaAhgFTIIoH26Fv5+xka74JdzOSUA
+jR9puKuxaegVWQVBx4cCyg6hAdewRm64PAcbApZWrPvMPBfTZFnXeifmaurcdK8p
+p/1eLrrPnNM6+Fh6lcKdX74yHPz3eWP3K1njZegzWnChhEWElPhJr6qYNQjd+lAS
+7650RJ3CJLUxBffnRR9nTArxFNI5jGWg/plLJTaRT5x5qg1dGNMqntpoeiY++Ttk
+GFDGVIOICBze6SOvzkZBbuXLJSWmWj5g9J2cYsLoOvlwsDT7FzKl8p6VY4V+SQb+
+4PN8qZWmOeczaLEhZ1QLmTKFpz9+wUZsXeBd1s78bWJR0zhraMPa0UJ9GBGq6uQ0
+yZ4Xm5KHKcgoewCUQMekU9ECsmR5NuC7VFDaa1OdPEVnEYR1xtaWUY0lYKOiixnd
++85fSq/yAXI/r0O4ISA55o9y1kDqVibTwJacb6xXGg8dHSH+TtigwD8fK9mekkDC
+-----END RSA PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..4d0057c94
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,42 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-carol@strongswan.org
+ ppk_required = yes
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ rsa-carol {
+ file = carolKey.pem
+ secret = "nH5ZQEWtku0RJEZ6"
+ }
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..b415e075c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..63282479f
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,38 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-dave@strongswan.org
+ ppk_required = no
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ppk-dave {
+ id = ppk-dave@strongswan.org
+ secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13
+ }
+} \ No newline at end of file
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..b415e075c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f6c05695d
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,33 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
diff --git a/testing/tests/swanctl/rw-cert-ppk/posttest.dat b/testing/tests/swanctl/rw-cert-ppk/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-cert-ppk/pretest.dat b/testing/tests/swanctl/rw-cert-ppk/pretest.dat
new file mode 100755
index 000000000..dd1a17ccb
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/pretest.dat
@@ -0,0 +1,11 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-cert-ppk/test.conf b/testing/tests/swanctl/rw-cert-ppk/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/swanctl/rw-cert-ppk/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt
new file mode 100644
index 000000000..fb8449068
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection to gateway <b>moon</b>.
+At the outset the gateway authenticates itself to the clients by sending
+an IKEv2 <b>RSA signature</b> accompanied by a certificate.
+The roadwarrios then use the <i>Extensible Authentication Protocol</i>
+in association with an <i>MD5</i> challenge and response protocol
+(<b>EAP-MD5</b>) to authenticate against the gateway <b>moon</b> and includes
+a <b>Postquantum Preshared Key (PPK)</b> that's also mixed into the
+derived key material. The PPK_ID used by <b>dave</b> is unknown to <b>moon</b>
+but since both peers don't enforce the use of a PPK they fall back to regular
+authentication by use of the authentication data provided in the NO_PPK_AUTH
+notify.
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat
new file mode 100644
index 000000000..b02c21257
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/evaltest.dat
@@ -0,0 +1,27 @@
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+carol::cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
+dave:: cat /var/log/daemon.log::server requested EAP_MD5 authentication::YES
+dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with EAP successful::YES
+dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::received EAP identity.*carol
+moon:: cat /var/log/daemon.log::EAP method EAP_MD5 succeeded, no MSK established
+moon:: cat /var/log/daemon.log::authentication of '192.168.0.100' with EAP successful::YES
+moon:: cat /var/log/daemon.log::received EAP identity.*dave
+moon:: cat /var/log/daemon.log::EAP method EAP_MD5 succeeded, no MSK established
+moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
+moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES
+moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES
+carol::ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=192.168.0.100 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: ping -c 1 PH_IP_ALICE::64 bytes from PH_IP_ALICE: icmp_.eq=1::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=192.168.0.200 remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=192.168.0.100.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw-eap.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=192.168.0.200.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
new file mode 100644
index 000000000..d2cc789b3
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..b01ce7289
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,41 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-carol@strongswan.org
+ ppk_required = yes
+
+ local {
+ auth = eap
+ eap_id = carol
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
new file mode 100644
index 000000000..d2cc789b3
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f288788a9
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,39 @@
+connections {
+
+ home {
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-dave@strongswan.org
+
+ local {
+ auth = eap
+ eap_id = dave
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ eap-dave {
+ id = dave
+ secret = W7R0g3do
+ }
+ ppk-dave {
+ id = ppk-dave@strongswan.org
+ secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13
+ }
+}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
new file mode 100644
index 000000000..d2cc789b3
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce aes md5 sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default eap-identity eap-md5 updown
+}
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..f4485ced1
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,44 @@
+connections {
+
+ rw-eap {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = eap-md5
+ eap_id = %any
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ send_certreq = no
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ eap-carol {
+ id = carol
+ secret = Ar3etTnp
+ }
+ eap-dave {
+ id = dave
+ secret = W7R0g3do
+ }
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
+
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat
new file mode 100644
index 000000000..46536ef80
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::swanctl --terminate --ike home
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat
new file mode 100644
index 000000000..9ae476e64
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/pretest.dat
@@ -0,0 +1,13 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+carol::cd /etc/swanctl; rm rsa/* x509/*
+dave::cd /etc/swanctl; rm rsa/* x509/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw-eap
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf
new file mode 100644
index 000000000..842f4b38d
--- /dev/null
+++ b/testing/tests/swanctl/rw-eap-md5-id-rsa-ppk/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice carol moon dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/description.txt b/testing/tests/swanctl/rw-ed25519-certpol/description.txt
new file mode 100755
index 000000000..00f552939
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/description.txt
@@ -0,0 +1,6 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on <b>X.509 certificates</b>
+containing <b>Ed25519</b> keys. The CA defines two certificate policies
+<b>1.3.6.1.4.1.36906.1.1.1</b> and <b>1.3.6.1.4.1.36906.1.1.2</b>, the former one
+contained in <b>carol</b>'s certificate. Since gateway <b>moon</b> enforces this
+certificate policy, <b>carol</b> is accepted whereas <b>dave</b> is rejected.
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat b/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat
new file mode 100755
index 000000000..0e8593d4e
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/evaltest.dat
@@ -0,0 +1,12 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*::NO
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*::NO
+moon::cat /var/log/daemon.log::constraint requires cert policy 1.3.6.1.4.1.36906.1.1.1::YES
+dave::cat /var/log/daemon.log::received AUTHENTICATION_FAILED notify error::YES
+alice::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::NO
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::NO
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::NO
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..91a05eabc
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem
new file mode 100644
index 000000000..5c3e2623d
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/pkcs8/carolKey.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIJk9u+XHU+E8YNCuj/bTDVRHbWDk2NzCyrTFqtzWRAv8
+-----END PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..9990cf319
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = carolCert.pem
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem
new file mode 100644
index 000000000..70d7664af
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509/carolCert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/DCCAa6gAwIBAgIBBTAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
+EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
+IFJvb3QgQ0EwHhcNMTgwNjIxMTQzMDU1WhcNMjMwNjIxMTQzMDU1WjBbMQswCQYD
+VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
+ZDI1NTE5MR0wGwYDVQQDDBRjYXJvbEBzdHJvbmdzd2FuLm9yZzAqMAUGAytlcAMh
+APtwTFkrXyLYOWm9zlNm+ASZ3LzmpWmB2OwqnWZlFIXVo4GiMIGfMB8GA1UdIwQY
+MBaAFCNOkpAKSIb2BV3+ead2AzqOcNj4MB8GA1UdEQQYMBaBFGNhcm9sQHN0cm9u
+Z3N3YW4ub3JnMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwuc3Ryb25nc3dh
+bi5vcmcvc3Ryb25nc3dhbl9lZDI1NTE5LmNybDAYBgNVHSAEETAPMA0GCysGAQQB
+gqAqAQEBMAUGAytlcANBAJAqyQd0TjQUTba+9NzVdboKhq3D6I/go7wjzx9G2O5s
+xn1QimUMNHpY4i8eDD9ISvZIR2sziZgm79zV/sY1bQw=
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644
index 000000000..ec34ff0b0
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/carol/etc/swanctl/x509ca/strongswanCert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
+GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
+RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
+TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
+A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
+lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
+MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw
+A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg
+GjZr7I5qruXG76jCbjDTlGSbBA==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..91a05eabc
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem
new file mode 100644
index 000000000..bf84ef3dd
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/pkcs8/daveKey.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIF17ReOyn64y7tmC11XyYzcALKmu9lkS0VnWSd0l54FX
+-----END PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..2c5c8f3ee
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,27 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = daveCert.pem
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = pubkey
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem
new file mode 100644
index 000000000..18f0e088c
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509/daveCert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4DCCAZKgAwIBAgIBBDAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
+EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
+IFJvb3QgQ0EwHhcNMTYxMjA0MjIzODQwWhcNMjExMjA0MjIzODQwWjBaMQswCQYD
+VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
+ZDI1NTE5MRwwGgYDVQQDDBNkYXZlQHN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
+fYCNzyBpr3lne+kVB27q7O7TvMkERDB9kRnzNSx30hijgYcwgYQwHwYDVR0jBBgw
+FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYETZGF2ZUBzdHJvbmdz
+d2FuLm9yZzBBBgNVHR8EOjA4MDagNKAyhjBodHRwOi8vY3JsLnN0cm9uZ3N3YW4u
+b3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmwwBQYDK2VwA0EAEG4SjQX49xhuMiyn
+86uOCxDWy08KUQRBLoqan+cPfYDPgCbblpbmJOoCBtcUyzEYQ+L/gCQzwLAUZSbK
+MEj7Dg==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644
index 000000000..ec34ff0b0
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/dave/etc/swanctl/x509ca/strongswanCert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
+GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
+RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
+TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
+A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
+lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
+MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw
+A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg
+GjZr7I5qruXG76jCbjDTlGSbBA==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..b81a8a61a
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,13 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
+}
+
+charon-systemd {
+ load = random nonce sha1 sha2 aes hmac pem pkcs1 pkcs8 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ default = 1 }
+ }
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem
new file mode 100644
index 000000000..491d36430
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/pkcs8/moonKey.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIKF9TGaPwvVmqoqowy6y8anmPMKpSi9bKc310bbXBMtk
+-----END PRIVATE KEY-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..1cc6ea429
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,26 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ local {
+ auth = pubkey
+ certs = moonCert.pem
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = pubkey
+ cert_policy = 1.3.6.1.4.1.36906.1.1.1
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem
new file mode 100644
index 000000000..e67b224b6
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509/moonCert.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB9TCCAaegAwIBAgIBATAFBgMrZXAwTzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoT
+EnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEGA1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5
+IFJvb3QgQ0EwHhcNMTYxMjA0MjI0MDQyWhcNMjExMjA0MjI0MDQyWjBaMQswCQYD
+VQQGEwJDSDEbMBkGA1UEChMSc3Ryb25nU3dhbiBQcm9qZWN0MRAwDgYDVQQLEwdF
+ZDI1NTE5MRwwGgYDVQQDExNtb29uLnN0cm9uZ3N3YW4ub3JnMCowBQYDK2VwAyEA
+4X/jpRSEXr0/TmIHTOj7FqllkP+3e+ljkAU1FtYnX5ijgZwwgZkwHwYDVR0jBBgw
+FoAUI06SkApIhvYFXf55p3YDOo5w2PgwHgYDVR0RBBcwFYITbW9vbi5zdHJvbmdz
+d2FuLm9yZzATBgNVHSUEDDAKBggrBgEFBQcDATBBBgNVHR8EOjA4MDagNKAyhjBo
+dHRwOi8vY3JsLnN0cm9uZ3N3YW4ub3JnL3N0cm9uZ3N3YW5fZWQyNTUxOS5jcmww
+BQYDK2VwA0EAOjD6PXrI3R8Wj55gstR2FtT0Htu4vV2jCRekts8O0++GNVMn65BX
+8ohW9fH7Ie2JTSOb0wzX+TPuMUAkLutUBA==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
new file mode 100644
index 000000000..ec34ff0b0
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/hosts/moon/etc/swanctl/x509ca/strongswanCert.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBvzCCAXGgAwIBAgIIVuORAxPNUTQwBQYDK2VwME8xCzAJBgNVBAYTAkNIMRsw
+GQYDVQQKExJzdHJvbmdTd2FuIFByb2plY3QxIzAhBgNVBAMTGnN0cm9uZ1N3YW4g
+RWQyNTUxOSBSb290IENBMB4XDTE2MTIwNDIyMzU1NloXDTI2MTIwNDIyMzU1Nlow
+TzELMAkGA1UEBhMCQ0gxGzAZBgNVBAoTEnN0cm9uZ1N3YW4gUHJvamVjdDEjMCEG
+A1UEAxMac3Ryb25nU3dhbiBFZDI1NTE5IFJvb3QgQ0EwKjAFBgMrZXADIQAKMO0G
+lvjTLC7k8FoSp78rca3x++nvf9xPACSqnBg5UKNrMGkwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFCNOkpAKSIb2BV3+ead2AzqOcNj4
+MCcGA1UdIAQgMB4wDQYLKwYBBAGCoCoBAQEwDQYLKwYBBAGCoCoBAQIwBQYDK2Vw
+A0EAmmq2gRBc3uVIa0e+LVHfAdWZ+PQU6aiwAqVMTK2aiaU4BECpNQE2MLYKMxWg
+GjZr7I5qruXG76jCbjDTlGSbBA==
+-----END CERTIFICATE-----
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat b/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat
new file mode 100755
index 000000000..57fda649c
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/posttest.dat
@@ -0,0 +1,11 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+carol::rm /etc/swanctl/pkcs8/*
+dave::rm /etc/swanctl/pkcs8/*
+moon::rm /etc/swanctl/pkcs8/*
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat b/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat
new file mode 100755
index 000000000..34b118c1d
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/pretest.dat
@@ -0,0 +1,14 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::rm /etc/swanctl/rsa/*
+carol::rm /etc/swanctl/rsa/*
+dave::rm /etc/swanctl/rsa/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-ed25519-certpol/test.conf b/testing/tests/swanctl/rw-ed25519-certpol/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/swanctl/rw-ed25519-certpol/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/swanctl/rw-psk-ppk/description.txt b/testing/tests/swanctl/rw-psk-ppk/description.txt
new file mode 100755
index 000000000..b9535b95c
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/description.txt
@@ -0,0 +1,11 @@
+The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
+to gateway <b>moon</b>. The authentication is based on distinct <b>pre-shared keys</b>
+and <b>Fully Qualified Domain Names</b> and includes a <b>Postquantum Preshared Key (PPK)</b>
+that's also mixed into the derived key material. The PPK_ID used by <b>dave</b> is
+unknown to <b>moon</b> but since both peers don't enforce the use of a PPK they fall back
+to regular authentication by use of the authentication data provided in the NO_PPK_AUTH
+notify.
+Upon the successful establishment of the IPsec tunnels,
+<b>leftfirewall=yes</b> automatically inserts iptables-based firewall rules that
+let pass the tunneled traffic. In order to test both tunnel and firewall, both
+<b>carol</b> and <b>dave</b> ping the client <b>alice</b> behind the gateway <b>moon</b>.
diff --git a/testing/tests/swanctl/rw-psk-ppk/evaltest.dat b/testing/tests/swanctl/rw-psk-ppk/evaltest.dat
new file mode 100755
index 000000000..b8b3fcb0e
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/evaltest.dat
@@ -0,0 +1,15 @@
+carol::swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.100 local-port=4500 local-id=carol@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.100/32] remote-ts=\[10.1.0.0/16]::YES
+dave:: swanctl --list-sas --raw 2> /dev/null::home.*version=2 state=ESTABLISHED local-host=192.168.0.200 local-port=4500 local-id=dave@strongswan.org remote-host=192.168.0.1 remote-port=4500 remote-id=moon.strongswan.org initiator=yes.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*home.*state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[192.168.0.200/32] remote-ts=\[10.1.0.0/16]::YES
+moon:: swanctl --list-sas --ike-id 1 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.100 remote-port=4500 remote-id=carol@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519 ppk=yes.*child-sas.*net.*reqid=1 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.100/32]::YES
+moon:: swanctl --list-sas --ike-id 2 --raw 2> /dev/null::rw.*version=2 state=ESTABLISHED local-host=192.168.0.1 local-port=4500 local-id=moon.strongswan.org remote-host=192.168.0.200 remote-port=4500 remote-id=dave@strongswan.org.*encr-alg=AES_CBC encr-keysize=128 integ-alg=HMAC_SHA2_256_128 prf-alg=PRF_HMAC_SHA2_256 dh-group=CURVE_25519.*child-sas.*net.*reqid=2 state=INSTALLED mode=TUNNEL.*ESP.*encr-alg=AES_GCM_16 encr-keysize=128.*local-ts=\[10.1.0.0/16] remote-ts=\[192.168.0.200/32]::YES
+carol::cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+dave:: cat /var/log/daemon.log::peer didn't use PPK for PPK_ID 'ppk-dave@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::using PPK for PPK_ID 'ppk-carol@strongswan.org'::YES
+moon:: cat /var/log/daemon.log::no PPK for 'ppk-dave@strongswan.org' found, ignored because PPK is not required::YES
+moon:: cat /var/log/daemon.log::no PPK available, using NO_PPK_AUTH notify::YES
+alice::ping -c 1 -W 1 192.168.0.100::64 bytes from 192.168.0.100: icmp_.eq=1::YES
+alice::ping -c 1 -W 1 192.168.0.200::64 bytes from 192.168.0.200: icmp_.eq=1::YES
+moon::tcpdump::IP moon.strongswan.org > carol.strongswan.org: ESP::YES
+moon::tcpdump::IP carol.strongswan.org > moon.strongswan.org: ESP::YES
+moon::tcpdump::IP moon.strongswan.org > dave.strongswan.org: ESP::YES
+moon::tcpdump::IP dave.strongswan.org > moon.strongswan.org: ESP::YES
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf
new file mode 100755
index 000000000..b56cc0cbf
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/strongswan.conf
@@ -0,0 +1,14 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = random openssl
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+ syslog {
+ daemon {
+ ike = 4
+ }
+ }
+}
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..935a39ea8
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/carol/etc/swanctl/swanctl.conf
@@ -0,0 +1,43 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.100
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-carol@strongswan.org
+ ppk_required = yes
+
+ local {
+ auth = psk
+ id = carol@strongswan.org
+ }
+ remote {
+ auth = psk
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = moon.strongswan.org
+ # hex value equal to base64 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ secret = 0x16964066a10de938bdb2ab7864fe4459cab1
+ }
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
+
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf
new file mode 100755
index 000000000..dcef959ef
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = random openssl
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..84134fed3
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/dave/etc/swanctl/swanctl.conf
@@ -0,0 +1,40 @@
+connections {
+
+ home {
+ local_addrs = 192.168.0.200
+ remote_addrs = 192.168.0.1
+
+ ppk_id = ppk-dave@strongswan.org
+
+ local {
+ auth = psk
+ id = dave@strongswan.org
+ }
+ remote {
+ auth = psk
+ id = moon.strongswan.org
+ }
+ children {
+ home {
+ remote_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-moon {
+ id = moon.strongswan.org
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+ ppk-dave {
+ id = ppk-dave@strongswan.org
+ secret = 0x06918e49398db61094438a5be8b743894f155f4e8521e6bcd1d47690557e4b13
+ }
+}
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf
new file mode 100755
index 000000000..dcef959ef
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/strongswan.conf
@@ -0,0 +1,9 @@
+# /etc/strongswan.conf - strongSwan configuration file
+
+swanctl {
+ load = random openssl
+}
+
+charon-systemd {
+ load = random nonce aes sha1 sha2 hmac curve25519 kernel-netlink socket-default updown vici
+}
diff --git a/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf
new file mode 100755
index 000000000..8552945bb
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/hosts/moon/etc/swanctl/swanctl.conf
@@ -0,0 +1,42 @@
+connections {
+
+ rw {
+ local_addrs = 192.168.0.1
+
+ ppk_id = *@strongswan.org
+
+ local {
+ auth = psk
+ id = moon.strongswan.org
+ }
+ remote {
+ auth = psk
+ }
+ children {
+ net {
+ local_ts = 10.1.0.0/16
+
+ updown = /usr/local/libexec/ipsec/_updown iptables
+ esp_proposals = aes128gcm128-x25519
+ }
+ }
+ version = 2
+ proposals = aes128-sha256-x25519
+ }
+}
+
+secrets {
+
+ ike-carol {
+ id = carol@strongswan.org
+ secret = 0sFpZAZqEN6Ti9sqt4ZP5EWcqx
+ }
+ ike-dave {
+ id = dave@strongswan.org
+ secret = 0sjVzONCF02ncsgiSlmIXeqhGN
+ }
+ ppk-carol {
+ id = ppk-carol@strongswan.org
+ secret = 0x98c61dd0f8c7daf07759617546f7b3ae156f19a7bc935c61523c7ca998e5eedb
+ }
+}
diff --git a/testing/tests/swanctl/rw-psk-ppk/posttest.dat b/testing/tests/swanctl/rw-psk-ppk/posttest.dat
new file mode 100755
index 000000000..b909ac76c
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/posttest.dat
@@ -0,0 +1,8 @@
+carol::swanctl --terminate --ike home
+dave::swanctl --terminate --ike home
+carol::systemctl stop strongswan-swanctl
+dave::systemctl stop strongswan-swanctl
+moon::systemctl stop strongswan-swanctl
+moon::iptables-restore < /etc/iptables.flush
+carol::iptables-restore < /etc/iptables.flush
+dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/swanctl/rw-psk-ppk/pretest.dat b/testing/tests/swanctl/rw-psk-ppk/pretest.dat
new file mode 100755
index 000000000..48849c8b0
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/pretest.dat
@@ -0,0 +1,14 @@
+moon::iptables-restore < /etc/iptables.rules
+carol::iptables-restore < /etc/iptables.rules
+dave::iptables-restore < /etc/iptables.rules
+moon::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+carol::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+dave::cd /etc/swanctl; rm rsa/* x509/* x509ca/*
+moon::systemctl start strongswan-swanctl
+carol::systemctl start strongswan-swanctl
+dave::systemctl start strongswan-swanctl
+moon::expect-connection rw
+carol::expect-connection home
+carol::swanctl --initiate --child home 2> /dev/null
+dave::expect-connection home
+dave::swanctl --initiate --child home 2> /dev/null
diff --git a/testing/tests/swanctl/rw-psk-ppk/test.conf b/testing/tests/swanctl/rw-psk-ppk/test.conf
new file mode 100755
index 000000000..1227b9d1c
--- /dev/null
+++ b/testing/tests/swanctl/rw-psk-ppk/test.conf
@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# This configuration file provides information on the
+# guest instances used for this test
+
+# All guest instances that are required for this test
+#
+VIRTHOSTS="alice moon carol winnetou dave"
+
+# Corresponding block diagram
+#
+DIAGRAM="a-m-c-w-d.png"
+
+# Guest instances on which tcpdump is to be started
+#
+TCPDUMPHOSTS="moon"
+
+# Guest instances on which IPsec is started
+# Used for IPsec logging purposes
+#
+IPSECHOSTS="moon carol dave"
+
+# charon controlled by swanctl
+#
+SWANCTL=1
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt
deleted file mode 100644
index 90e85485c..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/description.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision
-point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the
-<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication
-during the <b>TLS setup phase</b>.
-<p/>
-During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs
-loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver
-a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>.
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
deleted file mode 100644
index 7850e2e74..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/evaltest.dat
+++ /dev/null
@@ -1,25 +0,0 @@
-dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SW records::YES
-carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SW ID records::YES
-carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
-carol::cat /var/log/auth.log::collected 1 SW record::YES
-alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
-alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
-alice::cat /var/log/daemon.log::certificate status is good::YES
-alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
-alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
-moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
-alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
-alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
-alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
-alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
-alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ /usr/local/share/strongswan::YES
-alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
-moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
deleted file mode 100644
index 4075f75bd..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/000-default.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-WSGIPythonPath /var/www/tnc
-
-<VirtualHost *:80>
- ServerName tnc.strongswan.org
- ServerAlias tnc
- ServerAdmin webmaster@localhost
-
- DocumentRoot /var/www/tnc
-
- <Directory /var/www/tnc/config>
- <Files wsgi.py>
- <IfModule mod_authz_core.c>
- Require all granted
- </IfModule>
- <IfModule !mod_authz_core.c>
- Order deny,allow
- Allow from all
- </IfModule>
- </Files>
- </Directory>
-
- WSGIScriptAlias / /var/www/tnc/config/wsgi.py
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
-
- Alias /static/ /var/www/tnc/static/
-
- ErrorLog ${APACHE_LOG_DIR}/tnc/error.log
- LogLevel warn
- CustomLog ${APACHE_LOG_DIR}/tnc/access.log combined
-</VirtualHost>
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default
deleted file mode 100644
index 1dc8b5688..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/apache2/sites-available/default
+++ /dev/null
@@ -1 +0,0 @@
-Include sites-available/000-default.conf \ No newline at end of file
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules
deleted file mode 100644
index c556d9483..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/iptables.rules
+++ /dev/null
@@ -1,28 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# open loopback interface
--A INPUT -i lo -j ACCEPT
--A OUTPUT -o lo -j ACCEPT
-
-# allow PT-TLS
--A INPUT -i eth0 -p tcp --dport 271 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --sport 271 -j ACCEPT
-
-# allow inbound ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow outbound ssh
--A OUTPUT -p tcp --dport 22 -j ACCEPT
--A INPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql
deleted file mode 100644
index 16ab96d58..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/pts/data1.sql
+++ /dev/null
@@ -1,61 +0,0 @@
-/* Devices */
-
-INSERT INTO devices ( /* 1 */
- value, product, created
-)
-SELECT 'aabbccddeeff11223344556677889900', id, 1372330615
-FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
-
-/* Groups Members */
-
-INSERT INTO groups_members (
- group_id, device_id
-) VALUES (
- 10, 1
-);
-
-/* Identities */
-
-INSERT INTO identities (
- type, value
-) VALUES ( /* dave@strongswan.org */
- 4, X'64617665407374726f6e677377616e2e6f7267'
-);
-
-/* Sessions */
-
-INSERT INTO sessions (
- time, connection, identity, device, product, rec
-)
-SELECT NOW, 1, 1, 1, id, 0
-FROM products WHERE name = 'Debian DEBIAN_VERSION x86_64';
-
-/* Results */
-
-INSERT INTO results (
- session, policy, rec, result
-) VALUES (
- 1, 1, 0, 'processed 355 packages: 0 not updated, 0 blacklisted, 4 ok, 351 not found'
-);
-
-/* Enforcements */
-
-INSERT INTO enforcements (
- policy, group_id, max_age, rec_fail, rec_noresult
-) VALUES (
- 3, 10, 0, 2, 2
-);
-
-INSERT INTO enforcements (
- policy, group_id, max_age
-) VALUES (
- 17, 2, 86400
-);
-
-INSERT INTO enforcements (
- policy, group_id, max_age
-) VALUES (
- 18, 10, 86400
-);
-
-DELETE FROM enforcements WHERE id = 1;
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini
deleted file mode 100644
index 5ae53c47a..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongTNC/settings.ini
+++ /dev/null
@@ -1,19 +0,0 @@
-[debug]
-DEBUG=0
-TEMPLATE_DEBUG=0
-DEBUG_TOOLBAR=0
-
-[db]
-DJANGO_DB_URL=sqlite:////var/www/tnc/django.db
-STRONGTNC_DB_URL = sqlite:////etc/db.d/config.db
-
-[localization]
-LANGUAGE_CODE=en-us
-TIME_ZONE=Europe/Zurich
-
-[admins]
-Your Name: alice@strongswan.org
-
-[security]
-SECRET_KEY=strongSwan
-ALLOWED_HOSTS=127.0.0.1,10.1.0.10,tnc.strongswan.org,tnc
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
deleted file mode 100644
index 04d7dbacc..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/strongswan.conf
+++ /dev/null
@@ -1,46 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-charon-systemd {
- load = random nonce pem pkcs1 x509 openssl revocation constraints curl vici socket-default kernel-netlink tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
-
- syslog {
- daemon {
- tls = 2
- tnc = 2
- imv = 3
- }
- }
- plugins {
- tnc-pdp {
- server = aaa.strongswan.org
- radius {
- secret = gv6URkSs
- }
- }
- tnc-imv {
- dlclose = no
- }
- }
-}
-
-libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-libimcv {
- database = sqlite:///etc/db.d/config.db
- policy_script = /usr/local/libexec/ipsec/imv_policy_manager
-
- plugins {
- imv-swima {
- rest_api {
- uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
- }
- }
- }
-}
-
-imv_policy_manager {
- command_allow = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is allowed\""'
- command_block = ssh root@moon 'logger -t charon-systemd -p auth.alert "\"host with IP address %s is blocked\""'
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem
deleted file mode 100644
index adc47dd33..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/rsa/aaaKey.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtxfP0jM8wZqtJvNmYar+WmB5GkzZbm431C5YWpSc/4vjCMXl
-h/7VuGPkOeuEqU4KOKL3l0OQt1Exh77ii9ekg0X//4n132fI/hg0sKVRPCK8HC8l
-0LdwnLLNI7uO5ObYY1KtAVnDeI/cfFbLV0z38/X7GWCpKi7ocmVMNalpD5w7c/9a
-VgpO70O9NPr+OPhs1Lp9uJQQbQzQlhydhK3SLA1bJEcyXYMqOamJud+EcM1Hjq3S
-W5JpKhuroDSxGzMntRF0TgrGXf8ctNfz/52repoUh2GrFfOhkpXrKUErf46NNtnD
-e4FXvyprZNQO4wJBWKCSS3p16UWEL+1LFwiDPQIDAQABAoIBAQCNeNG0+rA0bF7k
-nOf8CZL1pFuOzdin8nQi+Bh/DRvufVlU+wyrM2ZSTqUXd/sOkuVk889ZyvQ0IYGj
-AQStx1cvs9Pl0OTx1ZDBfVShNWv6imBNasTObB+QhLvro037Yr/KpyRUydY2/vn/
-/VSrRSbGE8gMyNqNZKdpVQo44Ij0bJXxx7kVJ7CfftB65bujkRSK5u7eGjFVyHGs
-P9v4n72Pt0mVdC8yeiMjJAmmKLWaDf7U2SUoaxf0IRjRNPdVBuPjbYjfnJ0sGlxF
-sCQtu+3JQ4b7vyxrAyUtImbTLwvFqQHTGIahZUvhGd/1aO0Zmls1mvuZ+VhUIsek
-uBJh54jFAoGBAN7M08mBkA8oUns0IzzG+A0JYDmdbvOWbKtyQDRl7LkXOq/PckIj
-PoliI/5aNZe9+Q8kq8xnvLVcsup7EX6Ovaqc6S3ODNEjy4XEqGMM9tkrz4R4N5f5
-hLayOg3MfdJiPOn3HF+cVvHp0Vwpt8K5TgVmOWkVSKTa+6eX4mhQUuKjAoGBANJg
-Rmka90zo+7PPze4oo5ePeqwZrwQ3/6OeD/G1lqMFPOgk3MLGuv9HvtQA5gyyAH7+
-Qy/t+rdPSC7PZi29s8/cERmWTdbZ1ocuKa6xxSvktl7Ibv51d0sW1n+kfVin7cLL
-SskoK8BRXjXsZg7jjZjE5f6iqdHq+JPA2JWM10CfAoGAOXTvJScxhIcshjNS5wiU
-zZ/eXd1Y0J65VZl4L0sdujngW5iO6bl3FizmBWE0Mva99QbK+0LBarAGP+wO/elH
-xmkCxVo++exWPyARIMImIqlmsc3i4GFrtUXPLOHQjOHivZ+JhKqnzWk0IaVsi14I
-XeIX6h6gBkum3HiR3b7hMSsCgYEAtq7ftbmy8liG6hgTzTIBDUWM0xHihxlRpnVF
-hzGWw61yvGv2QDVugOt+bH7zRib0g1KsaVyQkMoJ9ownQKUxFdkWCFAa++1iezS9
-AXRhscIEE76dk93RX6VPUrw2FNyOfM8n/BIkG/cMhmroHRnBBd5Fkp8SNLWEclnO
-Od95tCUCgYEAgvohkyZAAKMRUFYEvHgwyxeXHifHVPIoK9UN022DJmIEJE2ISGtH
-yHnBKgF52tlYhC9ijKwMG43C9IvycydRUtViOxDV8AiE4BV1tXuQHLl0jD2R7yq5
-9pNtnYgXW+ZKlx9705ltHj8hhKl6r2I8oXdR9KFGO83wq8fr6tyjqHc=
------END RSA PRIVATE KEY-----
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf
deleted file mode 100644
index 635620b7d..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/swanctl.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-secrets {
-
- eap-carol {
- id = carol
- secret = "Ar3etTnp"
- }
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem
deleted file mode 100644
index 42083c2a9..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/swanctl/x509/aaaCert.pem
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJDSDEZ
-MBcGA1UEChMQTGludXggc3Ryb25nU3dhbjEbMBkGA1UEAxMSc3Ryb25nU3dhbiBS
-b290IENBMB4XDTE1MDgwNDE0NTUzMVoXDTE5MDkwNjE0NTUzMVowRTELMAkGA1UE
-BhMCQ0gxGTAXBgNVBAoTEExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEmFhYS5z
-dHJvbmdzd2FuLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALcX
-z9IzPMGarSbzZmGq/lpgeRpM2W5uN9QuWFqUnP+L4wjF5Yf+1bhj5DnrhKlOCjii
-95dDkLdRMYe+4ovXpINF//+J9d9nyP4YNLClUTwivBwvJdC3cJyyzSO7juTm2GNS
-rQFZw3iP3HxWy1dM9/P1+xlgqSou6HJlTDWpaQ+cO3P/WlYKTu9DvTT6/jj4bNS6
-fbiUEG0M0JYcnYSt0iwNWyRHMl2DKjmpibnfhHDNR46t0luSaSobq6A0sRszJ7UR
-dE4Kxl3/HLTX8/+dq3qaFIdhqxXzoZKV6ylBK3+OjTbZw3uBV78qa2TUDuMCQVig
-kkt6delFhC/tSxcIgz0CAwEAAaOCARkwggEVMAkGA1UdEwQCMAAwCwYDVR0PBAQD
-AgOoMB0GA1UdDgQWBBRFNnP26ELy5j7KMOO+a8dh5pLe6DBtBgNVHSMEZjBkgBRd
-p91wBlEyfue2bbO15eBg6i5N76FJpEcwRTELMAkGA1UEBhMCQ0gxGTAXBgNVBAoT
-EExpbnV4IHN0cm9uZ1N3YW4xGzAZBgNVBAMTEnN0cm9uZ1N3YW4gUm9vdCBDQYIB
-ADAdBgNVHREEFjAUghJhYWEuc3Ryb25nc3dhbi5vcmcwEwYDVR0lBAwwCgYIKwYB
-BQUHAwEwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2NybC5zdHJvbmdzd2FuLm9y
-Zy9zdHJvbmdzd2FuLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAsncNPDCCDd4mzIHs
-nHY7b6H1tVQtFSbAQntV06D4D7vOp6Y+M5S8ta50hJu4f4GEeH5c7/hm8gbRdHt/
-TcjlV/UWBfhU3c/hNJo2LpmmtdmYUABLA3rdZ+FzOnAHX9H8eI988G7eHpI9T7L2
-FY2YEnWhIUVjFrojtH2+NbuA/Ori1QwSBiVhvJQgvUPjhKkjUtC+8zIdaCmJFErQ
-GGObpAMtnTcQ74md9BQ791RPMp77tDe1fgm7m8QWIsoIyYEhvzyfk2VTBn1VlWyH
-sbT0Vb3X9ubt0KXn2Xr491WTCpc5rzDWj9CNUYUgW7RaPxgw5cj2HK6oiLnGpO73
-xyr/Qw==
------END CERTIFICATE-----
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config
deleted file mode 100644
index 1499dfc90..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/alice/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMV configuration file for strongSwan client
-
-IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql
deleted file mode 100644
index 805c8bfd9..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/ipsec.sql
+++ /dev/null
@@ -1,4 +0,0 @@
-/* strongSwan SQLite database */
-
-/* configuration is read from the command line */
-/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules
deleted file mode 100644
index d01d0a3c9..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/iptables.rules
+++ /dev/null
@@ -1,20 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow PT-TLS
--A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT
--A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options
deleted file mode 100644
index 52a3673b3..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/pts/options
+++ /dev/null
@@ -1,6 +0,0 @@
---connect aaa.strongswan.org
---client carol
---secret "Ar3etTnp"
---cert /etc/swanctl/x509ca/strongswanCert.pem
---quiet
---debug 2
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf
deleted file mode 100644
index 5aad08905..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/strongswan.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-libimcv {
- swid_gen {
- tag_creator {
- name = Debian Project
- regid = debian.org
- }
- }
-}
-
-pt-tls-client {
- load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf
deleted file mode 100644
index 28da4d427..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/swanctl/swanctl.conf
+++ /dev/null
@@ -1 +0,0 @@
-# the PT-TLS client reads its configuration and secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config
deleted file mode 100644
index 3975056ca..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/carol/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql
deleted file mode 100644
index 805c8bfd9..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/ipsec.sql
+++ /dev/null
@@ -1,4 +0,0 @@
-/* strongSwan SQLite database */
-
-/* configuration is read from the command line */
-/* credentials are read from the command line */
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules
deleted file mode 100644
index d01d0a3c9..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/iptables.rules
+++ /dev/null
@@ -1,20 +0,0 @@
-*filter
-
-# default policy is DROP
--P INPUT DROP
--P OUTPUT DROP
--P FORWARD DROP
-
-# allow PT-TLS
--A INPUT -i eth0 -s 10.1.0.10 -p tcp --sport 271 -j ACCEPT
--A OUTPUT -o eth0 -d 10.1.0.10 -p tcp --dport 271 -j ACCEPT
-
-# allow ssh
--A INPUT -p tcp --dport 22 -j ACCEPT
--A OUTPUT -p tcp --sport 22 -j ACCEPT
-
-# allow crl fetch from winnetou
--A INPUT -i eth0 -p tcp --sport 80 -s 192.168.0.150 -j ACCEPT
--A OUTPUT -o eth0 -p tcp --dport 80 -d 192.168.0.150 -j ACCEPT
-
-COMMIT
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options
deleted file mode 100644
index 08953142f..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/pts/options
+++ /dev/null
@@ -1,7 +0,0 @@
---connect aaa.strongswan.org
---client dave@strongswan.org
---key /etc/swanctl/rsa/daveKey.pem
---cert /etc/swanctl/x509/daveCert.pem
---cert /etc/swanctl/x509ca/strongswanCert.pem
---quiet
---debug 2
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf
deleted file mode 100644
index cf08b969d..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/strongswan.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-libimcv {
- swid_gen {
- tag_creator {
- name = Debian Project
- regid = debian.org
- }
- }
- plugins {
- imc-os {
- push_info = no
- }
- imc-swima {
- swid_directory = /usr/share
- swid_pretty = yes
- }
- }
-}
-
-libtls {
- suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-}
-
-pt-tls-client {
- load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
-}
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf
deleted file mode 100644
index 28da4d427..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/swanctl/swanctl.conf
+++ /dev/null
@@ -1 +0,0 @@
-# the PT-TLS client reads its configuration and secrets via the command line
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config
deleted file mode 100644
index 3975056ca..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/dave/etc/tnc_config
+++ /dev/null
@@ -1,4 +0,0 @@
-#IMC configuration file for strongSwan client
-
-IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf
deleted file mode 100644
index d99a4b78a..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/strongswan.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/strongswan.conf - strongSwan configuration file
-
-# this file is not used in this scenario
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf b/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
deleted file mode 100644
index 27f96a620..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/hosts/moon/etc/swanctl/swanctl.conf
+++ /dev/null
@@ -1 +0,0 @@
-# this file is not used in this scenario
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
deleted file mode 100644
index c0049d7fd..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/posttest.dat
+++ /dev/null
@@ -1,10 +0,0 @@
-carol::ip route del 10.1.0.0/16 via 192.168.0.1
-dave::ip route del 10.1.0.0/16 via 192.168.0.1
-winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
-alice::systemctl stop strongswan-swanctl
-alice::systemctl stop apache2
-alice::rm /etc/swanctl/rsa/aaaKey.pem
-alice::rm /etc/swanctl/x509/aaaCert.pem
-alice::iptables-restore < /etc/iptables.flush
-carol::iptables-restore < /etc/iptables.flush
-dave::iptables-restore < /etc/iptables.flush
diff --git a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat b/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
deleted file mode 100644
index c895148f2..000000000
--- a/testing/tests/tnc/tnccs-20-nea-pt-tls/pretest.dat
+++ /dev/null
@@ -1,25 +0,0 @@
-alice::iptables-restore < /etc/iptables.rules
-carol::iptables-restore < /etc/iptables.rules
-dave::iptables-restore < /etc/iptables.rules
-alice::cat /etc/tnc_config
-carol::cat /etc/tnc_config
-carol::echo 0 > /proc/sys/net/ipv4/ip_forward
-dave::echo aabbccddeeff11223344556677889900 > /var/lib/dbus/machine-id
-dave::cat /etc/tnc_config
-alice::sed -i "s/NOW/`date +%s`/g" /etc/pts/data1.sql
-alice::sed -i "s:DEBIAN_VERSION:\`cat /etc/debian_version\`:" /etc/pts/data1.sql
-alice::cd /usr/local/share/strongswan/templates/database/imv; cat tables.sql data.sql /etc/pts/data1.sql | sqlite3 /etc/db.d/config.db
-alice::chgrp -R www-data /etc/db.d/config.db; chmod -R g+w /etc/db.d/config.db
-alice::/usr/local/bin/init_tnc
-alice::rm /etc/swanctl/x509/aliceCert.pem
-alice::rm /etc/swanctl/rsa/aliceKey.pem
-alice::systemctl start apache2
-alice::systemctl start strongswan-swanctl
-alice::swanctl --load-creds
-winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
-dave::ip route add 10.1.0.0/16 via 192.168.0.1
-dave::cat /etc/pts/options
-dave::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
-carol::ip route add 10.1.0.0/16 via 192.168.0.1
-carol::cat /etc/pts/options
-carol::/usr/local/bin/pt-tls-client --optionsfrom /etc/pts/options
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt
index a178211e1..234941171 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/description.txt
@@ -6,7 +6,9 @@ authenticated by an X.509 AAA certificate. The strong EAP-TTLS tunnel protects t
client authentication based on <b>EAP-MD5</b>. In a next step the EAP-TNC protocol is used within
the EAP-TTLS tunnel to determine the health of <b>carol</b> and <b>dave</b> via the <b>IF-TNCCS 2.0</b>
client-server interface defined by <b>RFC 5793 PB-TNC</b>. The communication between IMCs and IMVs
-is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>.
+is based on the <b>IF-M</b> protocol defined by <b>RFC 5792 PA-TNC</b>. The <b>SWIMA</b> IMC on <b>carol</b>
+is requested to deliver a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full
+<b>Software Inventory</b>.
<p>
<b>carol</b> passes the health test and <b>dave</b> fails. Based on these measurements the clients
are connected by gateway <b>moon</b> to the "rw-allow" and "rw-isolate" subnets, respectively.
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
index 258352834..dfe42aed9 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/evaltest.dat
@@ -1,18 +1,22 @@
dave:: cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
dave:: cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-dave:: cat /var/log/daemon.log::collected ... SWID tags::YES
+dave:: cat /var/log/daemon.log::collected ... SW records::YES
dave:: cat /var/log/daemon.log::PB-TNC access recommendation is .*Quarantined::YES
dave:: cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
carol::cat /var/log/daemon.log::authentication of 'moon.strongswan.org' with RSA.* successful::YES
carol::cat /var/log/daemon.log::PDP server.*aaa.strongswan.org.*is listening on port 271::YES
-carol::cat /var/log/daemon.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/daemon.log::collected 1 SWID tag::YES
+carol::cat /var/log/daemon.log::collected ... SW ID records::YES
+carol::cat /var/log/daemon.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/daemon.log::collected 1 SW record::YES
carol::cat /var/log/daemon.log::PB-TNC access recommendation is .*Access Allowed::YES
carol::cat /var/log/daemon.log::EAP method EAP_TTLS succeeded, MSK established::YES
alice::cat /var/log/daemon.log::user AR identity.*dave.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 3: allow - received inventory of 0 SWID tag IDs and ... SWID tags::YES
+alice::cat /var/log/daemon.log::received software inventory with.*items for request 3 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::IMV 2 handled SWIDT workitem 9: allow - received inventory of ... SWID tag IDs and 1 SWID tag::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with.*items for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::1 SWID tag target::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
moon:: cat /var/log/daemon.log::received RADIUS attribute Filter-Id: 'isolate'::YES
moon:: cat /var/log/daemon.log::RADIUS authentication of 'dave' successful::YES
moon:: cat /var/log/daemon.log::authentication of '192.168.0.200' with EAP successful::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
index e01fe4b4c..72dbbfa52 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/strongswan.conf
@@ -34,8 +34,11 @@ libimcv {
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
- imv-swid {
- rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ imv-swima {
+ rest_api
+ {
+ uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ }
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
index ebe88bc99..0c6812b41 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/alice/etc/tnc_config
@@ -1,4 +1,4 @@
-#IMV configuration file for strongSwan client
+#IMV configuration file for strongSwan client
IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so
+IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
index a954883a4..8139c3a4c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/carol/etc/tnc_config
@@ -1,4 +1,4 @@
-#IMC configuration file for strongSwan client
+#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
index 852e0714e..55d07f574 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/strongswan.conf
@@ -32,7 +32,7 @@ libimcv {
imc-os {
push_info = no
}
- imc-swid {
+ imc-swima {
swid_directory = /usr/share
swid_pretty = no
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
index a954883a4..8139c3a4c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-eap/hosts/dave/etc/tnc_config
@@ -1,4 +1,4 @@
-#IMC configuration file for strongSwan client
+#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
index 45a77e900..90e85485c 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/description.txt
@@ -1,9 +1,9 @@
The PT-TLS (RFC 6876) clients <b>carol</b> and <b>dave</b> set up a connection each to the policy decision
-point (PDP) <b>alice</b>. <b>carol</b> uses password-based SASL PLAIN client authentication during the
-<b>PT-TLS negotiation phase</b> and <b>dave</b> uses certificate-based TLS client authentication during the
-<b>TLS setup phase</b>.
+point (PDP) <b>alice</b>. Endpoint <b>carol</b> uses password-based SASL PLAIN client authentication during the
+<b>PT-TLS negotiation phase</b> whereas endpoint <b>dave</b> uses certificate-based TLS client authentication
+during the <b>TLS setup phase</b>.
<p/>
-During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWID</b> IMC/IMV pairs
+During the ensuing <b>PT-TLS data transport phase</b> the <b>OS</b> and <b>SWIMA</b> IMC/IMV pairs
loaded by the PT-TLS clients and PDP, respectively, exchange PA-TNC (RFC 5792) messages
-embedded in PB-TNC (RFC 5793) batches. The <b>SWID</b> IMC on <b>carol</b> is requested to deliver
-a concise <b>SWID Tag ID Inventory</b> whereas <b>dave</b> must send a full <b>SWID Tag Inventory</b>.
+embedded in PB-TNC (RFC 5793) batches. The <b>SWIMA</b> IMC on <b>carol</b> is requested to deliver
+a concise <b>Software ID Inventory</b> whereas <b>dave</b> must send a full <b>Software Inventory</b>.
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
index bf4191618..bded669da 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/evaltest.dat
@@ -1,23 +1,25 @@
dave:: cat /var/log/auth.log::sending TLS CertificateVerify handshake::YES
-dave:: cat /var/log/auth.log::collected ... SWID tags::YES
+dave:: cat /var/log/auth.log::collected ... SW records::YES
carol::cat /var/log/auth.log::received SASL Success result::YES
-carol::cat /var/log/auth.log::collected ... SWID tag IDs::YES
-carol::cat /var/log/auth.log::collected 1 SWID tag::YES
+carol::cat /var/log/auth.log::collected ... SW ID records::YES
+carol::cat /var/log/auth.log::strongswan.org__strongSwan.*swidtag::YES
+carol::cat /var/log/auth.log::collected 1 SW record::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_DAVE::YES
alice::cat /var/log/daemon.log::checking certificate status of.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org::YES
alice::cat /var/log/daemon.log::certificate status is good::YES
alice::cat /var/log/daemon.log::skipping SASL, client already authenticated by TLS certificate::YES
alice::cat /var/log/daemon.log::user AR identity.*C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org.*authenticated by certificate::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with ... items for request 3 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::received software inventory with ... items for request 3 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.200 is blocked::YES
moon:: cat /var/log/auth.log::host with IP address 192.168.0.200 is blocked::YES
alice::cat /var/log/daemon.log::accepting PT-TLS stream from PH_IP_CAROL::YES
alice::cat /var/log/daemon.log::SASL PLAIN authentication successful::YES
alice::cat /var/log/daemon.log::SASL client identity is.*carol::YES
alice::cat /var/log/daemon.log::user AR identity.*carol.*authenticated by password::YES
-alice::cat /var/log/daemon.log::received SWID tag ID inventory with ... items for request 9 at eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::failed to collect SW ID events, fallback to SW ID inventory::YES
+alice::cat /var/log/daemon.log::received software ID inventory with ... items for request 9 at last eid 1 of epoch::YES
alice::cat /var/log/daemon.log::1 SWID tag target::YES
-alice::cat /var/log/daemon.log::received SWID tag inventory with 1 item for request 9 at eid 1 of epoch::YES
-alice::cat /var/log/daemon.log::strongswan.org__strongSwan-::YES
+alice::cat /var/log/daemon.log::received software inventory with 1 item for request 9 at last eid 1 of epoch::YES
+alice::cat /var/log/daemon.log::strongswan.org__strongSwan.*@ file:///usr/local/share/strongswan::YES
alice::cat /var/log/daemon.log::successful system command: ssh root@moon.*logger -t charon-systemd -p auth.alert.*host with IP address 192.168.0.100 is allowed::YES
moon::cat /var/log/auth.log::host with IP address 192.168.0.100 is allowed::YES
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
index 944a5928d..04d7dbacc 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/strongswan.conf
@@ -17,6 +17,9 @@ charon-systemd {
secret = gv6URkSs
}
}
+ tnc-imv {
+ dlclose = no
+ }
}
}
@@ -29,8 +32,10 @@ libimcv {
policy_script = /usr/local/libexec/ipsec/imv_policy_manager
plugins {
- imv-swid {
- rest_api_uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ imv-swima {
+ rest_api {
+ uri = http://admin-user:strongSwan@tnc.strongswan.org/api/
+ }
}
}
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
index ebe88bc99..1499dfc90 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/alice/etc/tnc_config
@@ -1,4 +1,4 @@
#IMV configuration file for strongSwan client
IMV "OS" /usr/local/lib/ipsec/imcvs/imv-os.so
-IMV "SWID" /usr/local/lib/ipsec/imcvs/imv-swid.so
+IMV "SWIMA" /usr/local/lib/ipsec/imcvs/imv-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
index c83805aae..5aad08905 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/strongswan.conf
@@ -4,6 +4,15 @@ libtls {
suites = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
}
+libimcv {
+ swid_gen {
+ tag_creator {
+ name = Debian Project
+ regid = debian.org
+ }
+ }
+}
+
pt-tls-client {
load = revocation constraints pem openssl curl nonce tnc-tnccs tnc-imc tnccs-20
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/carol/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
index 2e2fccd10..cf08b969d 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/strongswan.conf
@@ -1,11 +1,17 @@
# /etc/strongswan.conf - strongSwan configuration file
libimcv {
+ swid_gen {
+ tag_creator {
+ name = Debian Project
+ regid = debian.org
+ }
+ }
plugins {
imc-os {
push_info = no
}
- imc-swid {
+ imc-swima {
swid_directory = /usr/share
swid_pretty = yes
}
diff --git a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
index f40174e57..3975056ca 100644
--- a/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
+++ b/testing/tests/tnc/tnccs-20-pdp-pt-tls/hosts/dave/etc/tnc_config
@@ -1,4 +1,4 @@
#IMC configuration file for strongSwan client
IMC "OS" /usr/local/lib/ipsec/imcvs/imc-os.so
-IMC "SWID" /usr/local/lib/ipsec/imcvs/imc-swid.so
+IMC "SWIMA" /usr/local/lib/ipsec/imcvs/imc-swima.so